WordPress have now released an update to their service that patches a recent vulnerability that was detected and determined as critical. As many businesses and individuals use WordPress for their websites, it is important to be aware of this vulnerability and the risks that it presents to your site. It is also important to update your version of WordPress as soon as you can in order to protect yourself from the threat of hackers.
What is the vulnerability?
The vulnerability that was detected in the previous version of WordPress is known as an Object Injection vulnerability. An Object Injection vulnerability has the potential to allow hackers to perform a range of malicious attacks. These attacks could include code injection, SQL injection, path traversal, and Application Denial of Service.
What are the risks?
There are several risks that this vulnerability poses to WordPress and its users. Code injection, SQL injection and path traversal all allow an unauthorised party to view and access confidential files on WordPress that they should not be able to see. Often, a hacker will want to use these confidential files for malicious purposes. An Application Denial of Service attack could cause the application to shut down or be inaccessible to the intended users. Application Denial of Service attacks can be executed by flooding the target with traffic or by sending information that triggers a crash. All of these malicious activities would be detrimental to WordPress and to those who use the platform for their websites. The possibility of a hacker using this vulnerability to execute malicious demands through WordPress is a highly concerning security problem with the previous versions of the program.
Which versions of WordPress does the vulnerability affect?
More specifically, the vulnerability that affects these previous versions is a PHPMailer vulnerability and has been detected in versions of WordPress between 3.7 and 5.7. This vulnerability has been identified as being critical due to the potential that it has to destroy WordPress and/or the sites associated with it.
What’s the solution?
In response to the threat that this Object Injection vulnerability poses, WordPress has released a new update that repairs the vulnerability. WordPress version 5.7.2 is the new update that contains this patch. Due to the critical nature of the vulnerability, updating to this new version of WordPress is essential to avoid falling prey to hackers. If your website has been created through WordPress, update to version 5.7.2 as soon as you can to protect yourself from this vulnerability and the threats that it poses.
We are a friendly and reliable team that pays detailed attention to your projects and management of your brand. Our team at SEO Shark has a passion for all things online. We constantly innovate using the latest professional techniques and strategies.
