WordPress Plugins Themes API Submit Contact

WordPress Plugins Themes API Submit Contact Security Scanner

Login

Register

WordPress 5.4 to 5.8 - Lodash Library Update

Description

On September 9, 2021 WordPress version 5.8.1 was released fixing three vulnerabilities.

The official blog post states:

"The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes."

The Lodash changelog states that a command injection vulnerability was recently patched. See references.

Affects WordPresses

Fixed in version 5.8.1✓

Fixed in version 5.7.3✓

Fixed in version 5.7.3✓

Fixed in version 5.7.3✓

Fixed in version 5.6.5✓

Fixed in version 5.6.5✓

Fixed in version 5.6.5✓

Fixed in version 5.6.5✓

Fixed in version 5.6.5✓

Fixed in version 5.5.6✓

References

URL

https://wordpress.org/news/2021/09/wordpress-5-8-1-security-and-maintenance-release/

URL

https://github.com/lodash/lodash/wiki/Changelog

URL

https://github.com/WordPress/wordpress-develop/commit/fb7ecd92acef6c813c1fde6d9d24a21e02340689

Classification

Type

INJECTION

OWASP top 10

Miscellaneous

Verified

No

WPVDB ID

5d6789db-e320-494b-81bb-e678674f4199

Timeline

Publicly Published

2021-09-09 (about 4 months ago)

Added

2021-09-09 (about 4 months ago)

Last Updated

2021-09-09 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin