WordPress is calling its latest update a ‘short-cycle security & maintenance release’ ahead of the critical 5.6 release of the software.
Recently, WordPress released the latest version of its web publishing software, 5.5.2. With it, they have also tackled 10 security bugs in the software. These included a high-severity RCE that could cause damage to the users.
The update allows WordPress 3.7 and all later versions to be brought up to date. Besides this, it also brought multiple enhancements to the software.
10 WordPress Bugs patched
The release’s major achievement is that it tackles 10 WordPress security bugs at once. Of these, the most dangerous was a high-severity bug that would have allowed attackers to take over any targeted website through a tailored denial-of-service attack. Any remote unauthenticated attacker could have used this bug to compromise the vulnerable website by executing remote code on the hosting system.
According to WordPress’s bulletin, the vulnerability exists because of improper management of internal resources within the application. This can turn a denial-of-service attack into a remote code execution issue. Thus, the vulnerability could allow any remote attacker to jeopardize the website.
Of the remaining 9 bugs, WordPress marked four as ‘medium risk’; these affected only WordPress versions 5.5.1 and earlier. Three of these four were easily exploitable: any ‘non-authenticated’ user could have exploited them over the internet. These vulnerabilities included:
- An improper access control bug
- A cross-site request-forgery vulnerability and
- A cross-site scripting flaw
The fourth was a security restriction bypass vulnerability, also a medium-risk bug, which only a remote authenticated user could have triggered.
Of the aforementioned medium-risk vulnerabilities, the most dangerous was probably the cross-site scripting flaw. A remote attacker who took advantage of it could have performed the following attacks:
- Change the web page
- Steal sensitive information
- Perform phishing and
- Cause drive-by-download attacks.
The bug was found 3 years ago, but disclosed in 2019!
Omar Ganiev was the researcher who found the bug in the software nearly 3 years back, but it was only reported to WordPress in July 2019. Omar used the time between finding and reporting the vulnerability to research various proof-of-concept exploits. Omar as well as WordPress tend to believe that attackers did not exploit this vulnerability during that period.
According to Omar, even though it was a high-impact vulnerability, an adversary would be much less likely to reproduce the attack even if the right conditions existed. He explained that the key to an attack would be to trigger a DoS on MySQL and then un-DoS the DB, all within the same execution thread.
WordPress has now fixed these 10 vulnerabilities and made other enhancements to the system as well. These are aimed at reducing risk and making the software easier for its users.
But can anyone be completely sure of how secure it is? With the pace of cyber attacks increasing every day, there is always a threat of vulnerabilities in the system. It is high time that WordPress looks for any vulnerabilities in its CMS that might be exploited later.