WordPress announced high threat level vulnerabilities that were introduced by the core development team itself. WordPress announced it has patched four vulnerabilities
that are rated
as high as 8 on a scale of 1 to 10
. The vulnerabilities are in the WordPress core itself and are due to flaws introduced by the WordPress development team itself.
The four vulnerabilities are
- SQL injection due to lack of data sanitization in WP_Meta_Query (severity level rated high, 7.4)
- Authenticated Object Injection in Multisites (severity level rated medium 6.6)
- Stored Cross Site Scripting (XSS) through authenticated users (severity level rated high, 8.0)
- SQL Injection through WP_Query due to improper sanitization (severity level rated high, 8.0)
How to protect yourself
1. Update EVERY Wodpress website you have installed. This includes the core, ALL themes and ALL plugins
2. Strongly consider using Astra Firewall and Malware Scanner
Astra provides a simple to install, minimal configuration firewall along with login protection and malware scanning and cleanup (if needed). This simple to use firewall will protect your website from hackers and keep it free from Malware. Sleep better at night knowing your websites won't be down in the morning when you wake up.
Learn more about Astra
Order Astra to protect your website
(1 license per domain): Order Astra Firewall License
If you have installed any Wordpress plugin in the past, you can install Astra. It's that simple! Otherwise, our Tech Support or Astra will install it for you.
Original Article: https://www.searchenginejournal.com/wordpress-core-vulnerabilities/432042/