Blesson Jacob
I am a highly motivated and tech-savvy individual with an unwavering passion for marketing.
WordPress users are advised to update to version 6.5.2, which includes security and maintenance fixes that address an XSS vulnerability. WordPress released...
WordPress users are advised to update to version 6.5.2, which includes security and maintenance fixes that address an XSS vulnerability.
WordPress released its 6.5.2 maintenance and Security update on April 9th with the major concern of XSS vulnerability. The patch was released as an immediate update. WordPress asked its users to install the as quickly as possible.
WordPress announced the 6.5.2 Maintenance and Security Release update that patches a store cross-site scripting vulnerability and fixes over a dozen bugs in the core and the block editor. The same vulnerability affects both the WordPress core and the Gutenberg plugin.
An XSS vulnerability was discovered in WordPress that could allow an attacker to inject scripts into a website that then attacks site visitors to those pages. There are three kinds of XSS vulnerabilities but the most commonly discovered in WordPress plugins, themes, and WordPress itself are reflected XSS and stored XSS.
Cross-site scripting (XSS) attacks can be of two types - Reflected XSS and Stored XSS. Reflected XSS requires a user to click on a link, making launching the attack a bit difficult. On the other hand, Stored XSS is more dangerous as it exploits a vulnerability that allows the attacker to upload a script into the site that can be used to attack its visitors. In the case of WordPress, a Stored XSS vulnerability was discovered.
This vulnerability is a stored XSS that requires the attacker to have at least contributor-level permissions to exploit the website flaw that makes the vulnerability possible. Therefore, the threat is somewhat mitigated as it is authenticated. On the Common Vulnerability Scoring System (CVSS), this vulnerability is rated as medium-level and scored 6.4 out of 10.
WordPress is recommending its users update to version 6.5.2 to avoid any malicious attack. The update has the required fixes and patches to the problem.
Suggested Posts:
Vulnerability in the WordPress Plugin For The Metform Elementor Contact Form Builder.
7 Reasons Why You Should Password Protect Your WordPress Site.