The WordPress.org team announced a new version of the WordPress CMS today, one that includes fixes for eight security bugs and 17 maintenance issues.
The most critical security flaw the project fixed is a bug that allowed attackers to change a user's password by leveraging stolen cookies. The WordPress security team's Michael Adams discovered this issue internally.
Browser cookies are easy to steal, and there is a lot of publicly available exploit code that can be packed as a simple XSS and steal a user's cookie file, for a specific site, or for all.
The WordPress core team also fixed a redirect bypass in the theme customizer, reported by Yassine Aboukir, and an information disclosure issue via the page/post revision history feature, reported by Dan Moen and John Blackbourn.
Jouko Pynnönen and Divyesh Prajapati reported two different XSS (cross-site scripting) vulnerabilities. Both were found in the way WordPress handles post/page attachment names. Nothing too serious, but still, an XSS issue is dangerous if left unfixed.
WordPress 4.5.3 fixed 8 security issuesThe Automattic team also lent a hand, and Jennifer Dodd reported a denial of service issue that could block access to the site via malformed oEmbed codes.
WordPress 4.5.3 also fixed an low severity issue that allowed attackers to remove post categories. David Herrera from Alley Interactive discovered this flaw, and while it didn't allow for further escalation, it would have allowed a malintent hacker to mess up your site's internal content structure.
Last but not least, Peter Westwood, another member of the WordPress security team, also helped the project bolster its file name sanitization functions and prevent future exploitation by insecure input filtering.
WordPress comes with a built-in updater. Developers can set it up to auto-update or can trigger manual updates from their dashboard with the push of a button.
Source: WordPress 4.5.3 Fixes Bug That Allowed Password Change via Stolen Cookies
No comments:
Post a Comment