-
June 2020 Monthly Vulnerability Roundup
WordPress Core Vulnerabilities
WordPress < 5.4.2 – Disclosure of Password-Protected Page/Post Comments
WordPress < 5.4.2 – Misuse of set-screen-option Leading to Privilege Escalation
WordPress < 5.4.2 – Authenticated XSS via Theme Upload
WordPress < 5.4.2 – Open Redirection
WordPress < 5.4.2 – Authenticated XSS via Media Files
WordPress < 5.4.2 – Authenticated XSS in Block Editor
-
WordPress 5.4.2 Security and Maintenance Release
Yesterday, June 10th, WordPress released version 5.4.2, a security and maintenance release. Version 5.4.2 of WordPress fixes 6 separate security issues: three authenticated Cross-Site Scripting (XSS) vulnerabilities, one potential Open Redirect vulnerability, one privilege escalation vulnerability, and one issue where comments on password-protected posts and pages could be exposed in certain…
-
May 2020 Monthly Vulnerability Roundup
WordPress Plugin Vulnerabilities
Multi Scheduler <= 1.0.0 – Arbitrary Record Deletion via CSRF
MapPress Maps < 2.54.6 – Improper Capability Checks in AJAX Calls
bbPress < 2.6.5 – Authenticated Stored Cross-Site Scripting via the forums list table
bbPress 2.6-2.6.5 – Authenticated Privilege Escalation via the Super Moderator feature
bbPress < 2.6.5 – Unauthenticated Privilege Escalation when New User Registration…