WordPress 5.1.1 released, fixes CSRF vulnerability

Posted by bax at 2020-03-01

WordPress 5.1.1 has been released as a security and maintenance release. It contains 14 fixes and enhancements, including a fix for a comment CSRF vulnerability that may trigger cross-site scripting attacks. The full update includes:

1. An "Update PHP" button to help users and hosting providers update PHP to at least the minimum supported version, in preparation for WordPress 5.2;

2. A pair of security patches that fix a cross-site scripting vulnerability triggered by malicious comments. The vulnerability loads and executes XSS payloads with the help of a hidden iframe, allowing unauthenticated attackers to execute arbitrary HTML and script code, potentially taking over vulnerable WordPress sites. "The CSRF vulnerability exploits multiple logic flaws and errors that, in combination, can lead to remote code execution and complete takeover of the site," RIPS Technologies said. The vulnerability affects all versions of WordPress before 5.1.1;

3. Other bug fixes.

You can see the complete list of changes on Trac.

It is worth noting that WordPress 5.1.1 is a short-cycle maintenance release, and the official expectation is that version 5.1.2 will follow a similar two-week release pace.

You can now download WordPress 5.1.1, or go to Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started updating automatically.

From: cnBeta
