Enjoy priority support and immediate help for your WordPress sites!

4 WordPress Core Vulnerabilities in March 2018

4 WordPress Core Vulnerabilities in March 2018

For your , be informed about the latest WordPress Core vulnerabilities, fixed in WordPress 4.9.5 Security and Maintenance Release from April 3, 2018.

WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:

  1. Don't treat localhost as same host by default. Related changeset: Disallow localhost in wp_http_validate_url().
    • A3: Cross-Site Scripting (XSS) reported by Ryan from Dewhurst . Issue publicly described: "Make sure the version string is correctly escaped for use in generator tags."
  2. Use safe redirects when redirecting the login page if SSL is forced. Related changeset: Switch to wp_safe_redirect() when redirecting the login page when SSL is forced.
    • A10: Unvalidated Redirects and Forwards reported by Ryan from Dewhurst . Issue publicly described: "Use safe redirects when redirecting the login page if SSL is forced."
  3. Make sure the version string is correctly escaped for use in generator tags. Related changeset: Escape HTML returned from get_the_generator()
    • A3: Cross-Site Scripting (XSS) reported by Ryan from Dewhurst . Issue publicly described: "Make sure the version string is correctly escaped for use in generator tags."

Immediately to version WordPress 4.9.5 to fix the above-reported vulnerabilities.

For your , be informed about the latest WordPress Core vulnerability IS STILL UNPATCHED since it's first official report January 29, 2018 or it's official disclosure date: Monday, February 5, 2018. All versions of WordPress starting with the latest 4.9.5 and below have the Application Denial of (DoS) type vulnerability.

WordPress <= 4.9.5 - Application Denial of Service (DoS)
type: DOS
fixed in version: (unpatched)
References:

Protect your WordPress: BEFORE IT'S TOO LATE! You will also protect your customers, your reputation and your online business!

Related Posts

Leave a comment