Fwd: [CIVN-2020-0219] Multiple Vulnerabilities in WordPress

Severity Rating: High

Systems Affected

· WordPress versions 5.4.1 and prior

Overview

Multiple vulnerabilities have been reported in WordPress that could allow a

remote attacker to perform cross-site scripting attack, gaining elevated

privileges or sensitive information disclosure on the targeted system.

Description

These vulnerabilities exist due to insufficient sanitization of

user-supplied data, and improper impose of security restrictions. A remote

attacker could exploit these vulnerabilities by executing arbitrary script

code in user's browser.

Successful exploitation of these vulnerabilities could allow the attacker

to perform cross-site scripting attack, gaining elevated privileges or

access to sensitive information on the targeted system.

Solution

Upgrade to WordPress version 5.4.2

https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance

- -release/

Vendor Information

WordPress

https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance

- -release/

References

WordPress

https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance

- -release/

Wordfence

https://www.wordfence.com/blog/2020/06/wordpress-5-4-2-patches-multiple-xss

- -vulnerabilities/

US-CERT

https://www.us-cert.gov/ncas/current-activity/2020/06/11/wordpress-releases

- -security-and-maintenance-update

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

Fwd: [CIVN-2020-0219] Multiple Vulnerabilities in WordPress

About Cert Advisory

Related Posts

Popular Posts

Facebook

Blog Archive