(pc- google images) |
The WordPress security team has released version 4.3.1 which is now available for download. This release fixes three issues including two cross-site scripting vulnerabilities and a potential privilege escalation. The vulnerabilities were revealed by Check Point researchers Shahar Tal and Netanel Rubin.
The first vulnerability CVE-2015-5714, a cross-scripting issue was present in all WordPress versions 4.3 and earlier. The earlier versions were vulnerable to this issue while processing shortcode tags.
Most users are very well-acquainted with shortcodes and it is a valuable asset for WordPress developers. The Check Point researchers have found a fault in the way shortcodes are handled. In general, a "KSES filtering is performed prior to the insertion of data into the DB, and shortcode parsing is performed when printing it to responses."
The researchers, then, came up with a method that tangled HTML code with the shortcode’s content, and they were able to leave an HTML anchor tag open to perform persistent attacks. This as the HTML and shortcode validations took place at different times.
The second vulnerability CVE-2015-5714, a privilege escalation bug, grants the users to publish private posts and even make them sticky on a site. This last vulnerability could have a greater impact on WordPress websites that use the CMS' built-in user management features to build a community around the site.
Besides this, WordPress has also fixed 26 bugs in this new version.