WordPress 4.7.5 patches six vulnerabilities affecting version 4.7.4 and earlier, including cross-site scripting (XSS), cross-site request forgery (CSRF), and server-side request forgery (SSRF) flaws.
The CSRF flaw patched in the latest WordPress release was reported by Yorick Koster of Netherlands-based Securify. The security hole was discovered in the summer of 2016 as part of a WordPress hacking competition run by Securify, but it was patched only now by WordPress developers.
“This vulnerability can be used to overwrite the FTP or SSH connection settings of the affected WordPress site. An attacker can use this issue to trick an Administrator into logging into the attacker’s FTP or SSH server, disclosing his/her login credentials to the attacker,” Securify wrote in its advisory.
The SSRF flaw, reported by Ronni Skansing and tracked as CVE-2017-9066, has been described by WordPress developers as insufficient redirect validation in the HTTP class. The researcher said the details of the vulnerability and proof-of-concept (PoC) code will soon be made available on the HackerOne platform.
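The bug class described here (a server-side fetcher that checks the URL it is handed but not the URLs it is redirected to) is easy to reproduce in miniature. The following is an added illustration, not WordPress code and not the reporter's PoC: the DNS answers and HTTP responses are constructed tables so it runs offline, and the 169.254.169.254 target is a stand-in for any internal address an attacker would want the server to reach. It contrasts a client that validates only the first hop with one that re-validates every redirect.

```python
import ipaddress
from urllib.parse import urlparse, urljoin

# Constructed DNS table (assumption: real code would call socket.getaddrinfo
# and check every address returned, not just one).
FAKE_DNS = {
    "example.com": "93.184.216.34",        # public address
    "169.254.169.254": "169.254.169.254",  # link-local (cloud metadata style)
    "localhost": "127.0.0.1",              # loopback
}

# Constructed HTTP responses: url -> (status, Location header or None, body).
FAKE_HTTP = {
    "http://example.com/start": (302, "http://169.254.169.254/latest/meta-data/", ""),
    "http://169.254.169.254/latest/meta-data/": (200, None, "instance-id=i-0123"),
    "http://example.com/ok": (301, "/final", ""),
    "http://example.com/final": (200, None, "public content"),
}

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


class BlockedURL(Exception):
    """Raised when a URL must not be fetched by the server."""


def validate_url(url):
    """Allow only http(s) URLs whose host resolves to a globally routable
    address. Loopback, link-local, private and reserved ranges are rejected."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise BlockedURL("scheme not allowed: %s" % url)
    host = parts.hostname
    if not host:
        raise BlockedURL("missing host in %s" % url)
    if host not in FAKE_DNS:
        raise BlockedURL("unresolvable host: %s" % host)
    ip = ipaddress.ip_address(FAKE_DNS[host])
    if not ip.is_global:
        raise BlockedURL("host %s resolves to non-public address %s" % (host, ip))
    return url


def fetch(url, revalidate_redirects, max_redirects=5):
    """Fetch a URL, following redirects. With revalidate_redirects=False the
    client checks only the URL it was given (the weak pattern); with True it
    re-checks every Location it is sent to (the fix)."""
    validate_url(url)
    for _ in range(max_redirects + 1):
        status, location, body = FAKE_HTTP[url]
        if status in REDIRECT_STATUSES and location:
            url = urljoin(url, location)  # resolve relative Location headers
            if revalidate_redirects:
                validate_url(url)
            continue
        return body
    raise BlockedURL("too many redirects")


def try_fetch(url, revalidate_redirects):
    """Return ('ok', body) or ('blocked', reason) so callers can compare
    the two behaviours without handling exceptions themselves."""
    try:
        return ("ok", fetch(url, revalidate_redirects))
    except BlockedURL as exc:
        return ("blocked", str(exc))


if __name__ == "__main__":
    # Attacker-controlled public URL that bounces the server onto an internal address.
    print("weak  :", try_fetch("http://example.com/start", revalidate_redirects=False))
    print("fixed :", try_fetch("http://example.com/start", revalidate_redirects=True))
    # A benign redirect chain still works with the fix in place.
    print("benign:", try_fetch("http://example.com/ok", revalidate_redirects=True))
```

Two caveats a practitioner would add in production: validate every address a hostname resolves to and connect to that vetted address rather than letting the HTTP library resolve the name a second time (otherwise DNS rebinding defeats the check), and apply the same rule to the `Location` of each hop, including scheme changes, not just the first request.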
Skansing was also credited for reporting an XSS flaw related to uploading very large files. An XSS bug was also found by Weston Ruter of the WordPress security team in the Customizer feature.
Another member of the WordPress security team, Ben Bidner, identified an issue related to lack of capability checks for post metadata in the XML-RPC API. WordPress 4.7.5 also patches a different vulnerability in the same API.
WordPress announced this week the launch of a public bug bounty program covering the WordPress CMS, BuddyPress, bbPress and GlotPress. Researchers are also invited to report flaws discovered in the WordPress.org, WordCamp.org, BuddyPress.org, WordPress.tv, bbPress.org and Jobs.WordPress.net websites.
Seven researchers, including Skansing, had already earned more than $3,700 by the time the public bug bounty program was announced.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.