WordPress vulnerabilities warning
Even great server software like WordPress can end up with security vulnerabilities. WordPress is extremely complex, with thousands of files that have to work together to create the highly sophisticated websites you see out there.
One of the benefits of WordPress is that, as open source software, there are a great many developers constantly examining the software to find potential security vulnerabilities. Because it is so widely used, the massive resource base finds these issues quickly and alerts the community before they really have a chance to be exploited.
A substantial number of security holes have been identified in WordPress 5.5.1 and earlier versions. What makes this interesting is that this version was just released a few days ago. It’s encouraging to see that the WP community has so rapidly identified so many security challenges. Please make sure you immediately upgrade to version 5.5.2 in order to avoid these issues that create a potential security hole on your website. A total of 14 issues have been fixed, including 10 separate security flaws. Here’s a list of the primary issues that have been identified:
- Hardening of deserialization requests
- Disabling of spam embeds from disabled sites on a multisite network
- Cross-site scripting (XSS) via global variables
- XML-RPC privilege escalation
- Potential for DoS attack to lead to RCE
- Stored XSS in post slugs
- Protected meta data that could lead to arbitrary file deletion
If you have any questions or concerns, please get in touch.