This week, the WordPress development team released on Thursday the version 5.0.1 of the popular CMS, that addresses several flaws.
The Researcher Tim Coen discovered several cross-site scripting (XSS) vulnerabilities in the CMS. One of the flaws is caused by the ability of contributors to edit new comments from users with higher privileges. Coen also discovered that it is possible to trigger XSS flaws by using specially crafted URL input against some plugins.
Coen along with the researcher Slavco Mihajloski discovered an XSS vulnerability that allows authors on websites running on Apache servers to upload specially crafted files that bypass the MIME verification.
“Prior to 5.0.1, WordPress did not require uploaded files to pass MIME type verification, so files could be uploaded even if the contents didn’t match the file extension. For example, a binary file could be uploaded with a .jpg extension,” wrote WordPress developer Ian Dunn. “This is no longer the case, and the content of uploaded files must now match their extension. Most valid files should be unaffected, but there may be cases when a file needs to be renamed to its correct extension (e.g., an OpenOffice doc going from .pptx to .ppxs).”
Another flaw discovered by experts at Yoast affects some uncommon configurations and causes the user activation screen being indexed by search engines. This could lead the exposure of email addresses and some default passwords in “some rare cases.”
Karim El Ouerghemmi discovered that security issues allows authors to alter metadata and delete files that they normally would not be authorized to delete.
Security expert Sam Thomas discovered that contributors could use specially crafted metadata for PHP object injection.
The last flaw was discovered by Simon Scannell from RIPS Technologies, il could be exploited by authors using specially crafted input to create posts of unauthorized types.
Security updates that addressed the above flaws have been released for WordPress 4.9 and older releases. Version 5.0 already includes the fixes.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.