Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

WordPress 5.8.1 Patches Several Vulnerabilities

WordPress 5.8.1, a security and maintenance release announced last week, fixes 60 bugs and several vulnerabilities.

WordPress 5.8.1, a security and maintenance release announced last week, fixes 60 bugs and several vulnerabilities.

Users have been informed that the latest update includes three security fixes, including for a data exposure flaw related to the REST API, and a cross-site scripting (XSS) issue in the block editor. WordPress 5.8.1 also updates Lodash, a JavaScript library that provides utility functions for common programming tasks, to address security issues.

These vulnerabilities affect WordPress versions between 5.4 and 5.8. All versions starting with 5.4 have been updated and they include patches for the vulnerabilities.

WordPress developers also mentioned that XSS and privilege escalation vulnerabilities affecting the block editor have been identified and patched during the beta testing period for version 5.8.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised users and administrators to review the release notes and upgrade their installations. Websites that support automatic background updates should already be updated.

WordPress websites are always targeted in attacks, but in a majority of cases threat actors exploit vulnerabilities in popular plugins rather than flaws affecting the WordPress core.

Related: Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild

Related: Remote Code Execution Flaws Patched in WordPress Download Manager Plugin

Advertisement. Scroll to continue reading.

Related: WordPress 5.7.1 Patches XXE Flaw in PHP 8

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

SplxAI, a startup focused on securing AI agents, has announced new CISO Sandy Dunn.

Phillip Miller is joining tax preparation giant H&R Block as VP and CISO.

Linx Security has appointed Sarit Reiner Frumkes as Chief Technology Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.