Security releases are integral to the safety of your software. WordPress recently issued a new security release, version 6.0.3, on October 17, 2022. It includes a large number of security patches that fix vulnerabilities so that they cannot be exploited by people with malicious intentions.
This article serves as a guide to the security fixes introduced in WordPress 6.0.3.
Stored XSS via wp-mail.php (post by email)
Hardens WordPress’s post-by-email feature by preventing lower-permission users from submitting arbitrary HTML (e.g., XSS) when they should not be able to.
Open redirect in wp_nonce_ays
It protects against an open redirect risk, in which an attacker offers a link that points at the WordPress website’s domain name but redirects to another URL of the attacker’s choice. It might be used in phishing attacks.
The sender’s email address is exposed in wp-mail.php
It improves privacy and prevents information leakage via the sender’s email address. This is done by no longer outputting the author’s email address in wp-mail.php, which may be publicly available to any visitor if a site has enabled and set “Post through email” in Settings > Writing.
Media Library – Reflected XSS via SQLi
This security fix tackles a problem in which a SQL injection might occur in the media library, with the response containing an XSS payload. The attack needs sufficient authorization levels to interact with WordPress’s media library.
CSRF in wp-trackback.php
This fixes a CSRF problem that requires a logged-in user to click a malicious link to wp-trackback.php.
Stored XSS via the Customizer
The WordPress Customizer’s handling of user-supplied data was updated; the previous handling could result in XSS by an authorized user with theme Customizer access.
Revert shared user instances introduced in 50790
This undoes a previous WordPress core change, which might result in erroneous results from user-related functions.
Stored XSS in WordPress Core via Comment Editing
This patch solves a stored XSS problem in which a person writing a comment might leave a payload that is benign at first. However, a full-fledged XSS is triggered if an administrator or anyone with unfiltered HTML access later edits the comment containing that payload.
Data exposure via the REST Terms/Tags Endpoint
Prevents the WordPress REST API from returning terms or tags from unpublished posts.
Before the fix, unauthenticated users might have been able to get the terms or tag values of an unpublished post, but not the post’s content.
Content from multipart emails leaked
It addresses an unusual case in which sending multipart emails results in the content body of an email being leaked in subsequent outgoing emails.
SQL Injection due to improper sanitization in WP_Date_Query
It prevents a component (plugin or theme) from delivering unsafe data to WP_Date_Query.
RSS Widget: Stored XSS issue
This patch hardens the RSS Widget’s security; it may be connected to, or support, the Gutenberg RSS widget fix below.
Stored XSS in the search block
Exploitation requires an account with the ability to edit or contribute posts. The fix prevents XSS through the Search block.
Featured Image Block: XSS issue
Exploitation requires an account with the ability to edit or contribute posts. The fix prevents XSS through the Featured Image block.
RSS Block: Stored XSS issue
Exploitation requires an account with the ability to edit or contribute posts. The fix prevents XSS through the RSS block.
Fix widget block XSS
Exploitation requires an account with the ability to edit or contribute posts. The fix prevents XSS attacks through the Widget block.
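
To check which installs on a server already carry the 6.0.3 release covered above, the following added example (not WordPress's own code) reads the `$wp_version` assignment from each `wp-includes/version.php` it finds. It judges only the 6.0 branch, because this article names no fixed version for other branches; the function names and the sample file content are constructed for illustration.

```python
import os
import re

# Release this article covers; only the 6.0 branch is judged here.
FIXED = (6, 0, 3)
VERSION_RE = re.compile(r"^\s*\$wp_version\s*=\s*'([^']+)'\s*;", re.MULTILINE)
# Constructed sample of the relevant part of wp-includes/version.php.
SAMPLE = "<?php\n/**\n * WordPress version\n */\n$wp_version = '6.0.2';\n"


def parse_wp_version(php_source):
    """Return the $wp_version string from version.php text, or None."""
    match = VERSION_RE.search(php_source)
    return match.group(1) if match else None


def classify(version):
    """Map a version string to patched / needs-update / other-branch / unknown."""
    nums = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version or "")
    if not nums:
        return "unknown"  # missing, or a pre-release string such as 6.0.3-RC1
    parsed = tuple(int(n or 0) for n in nums.groups())
    if parsed[:2] != FIXED[:2]:
        return "other-branch"  # the article gives no fixed version for it
    return "patched" if parsed >= FIXED else "needs-update"


def scan(root):
    """Walk root and report every WordPress install found under it."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in files:
            path = os.path.join(dirpath, "version.php")
            with open(path, encoding="utf-8", errors="replace") as handle:
                version = parse_wp_version(handle.read())
            results[os.path.dirname(dirpath)] = (version, classify(version))
    return results


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for site, (version, status) in sorted(scan(root).items()):
        print(f"{status:13} {version or '?':10} {site}")
```

Run it with the web root as the only argument; installs reported as `other-branch` or `unknown` need to be checked against the WordPress release notes for their own branch.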