TTCSIRT-188.121318: TT-CSIRT Advisory – WordPress Security Updates
WordPress has released a security update stating that it has discovered the following vulnerabilities with WordPress ver 5.0 and earlier:
a) Authors can alter meta data to delete files that they are not authorized to.
b) Authors can create posts of unauthorized post types with specially crafted input.
c) URL inputs can lead to a cross-site scripting in some circumstances.
d) User activation screen could be indexed by search engines in some uncommon configurations leading to exposure of email addresses, and in some rare cases, default generated passwords.
Further information on these vulnerabilities and how they can be mitigated can be found on the WordPress Website at https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/ |