WordPress update fixes a series of high-severity vulnerabilities

Four flaws were patched in latest WordPress update

Developers at WordPress have pushed out an automatic update to millions of users, patching their websites and eliminating multiple vulnerabilities.

Some of these vulnerabilities were so severe that, if exploited, they could allow an attacker to completely take over the site, whereas others were less dangerous and required some level of admin access to be exploited.

In total, four vulnerabilities were patched with WordPress version 5.8.3. Webmasters and other administrators are advised to double-check the version of WordPress their site runs on, to make sure they cannot be targeted.

Big platform, big target

Analyzing the security release, WordPress security plugin developers Wordfence said the patch was backported to every version of WordPress since 3.7, the first version that supports automatic core updates for security releases. That means that practically all websites should be secure, as “any sites that remain vulnerable would only be exploitable under very specific circumstances.”

WordPress is the world’s most popular website builder, and as such, is often the target of malicious actors and other cyber crooks. It offers users a web store with thousands of plugins, many of which could carry dangerous vulnerabilities.

Less than a month ago, it was reported that more than 800,000 WordPress websites were still vulnerable to a “simple” takeover vulnerability, due to not patching up the “All in One” SEO WordPress plugin.

Automattic security researcher Marc Montpas, who first spotted the flaws, said abusing these flaws on vulnerable sites is easy, as all the attacker needs to do is change “a single character to uppercase” to circumvent all privilege checks.

Roughly two months ago, a vulnerability in the Starter Templates - Elementor, Gutenberg & Beaver Builder Templates plugin allowed contributor-level users to completely overwrite any page on the site and embed malicious JavaScript at will. In this case, more than a million sites were at risk.

The same month, the “Preview E-mails for WooCommerce” plugin was also found to hold a serious flaw, potentially allowing attackers complete site takeover. The plugin was used by more than 20,000 sites.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
