 |
| WordPress fixes the 3 year old bug |
The WordPress web publishing software platform has released update 5.5.2, which fixes a very dangerous bug that allows remote attackers to gain control of a target website through a well-designed denial of service attack.
Security and Maintenance version 5.5.2 of WordPress fixes general security vulnerabilities and introduces several functional improvements to the platform.
WordPress said: This update is a security and maintenance release before the next major release 5.6 and all versions will be updated since 3.7.
Of the ten vulnerabilities that were fixed, an important security vulnerability, categorized as high risk, could be exploited to allow attackers to remotely execute code on the system where the vulnerable website resides.
The vulnerability could allow an attacker to compromise the affected site. The vulnerability exists as a result of mismanaging internal application resources, which makes a denial of service attack a problem in remote code execution.
The impact of a vulnerability could be great, but the likelihood of repeated, large-scale attacks by enemies is very small, said Omer Janiyev, founder of DeteAct, the researcher who discovered the vulnerability.
He added: The attacks are very exciting, but difficult to repeat. Even if the conditions are right, you should be able to create a very accurate DoS attack.
Ganaev discovered the vulnerability three years ago and reported the vulnerability in July 2019. The delay was to investigate various types of proof-of-concept vulnerabilities.
The platform does not believe that the vulnerability has been widely exploited.
Four medium bugs affecting 5.5.1 and earlier have also been fixed.
Unauthorized online users can exploit three of these four vulnerabilities: cross-workplace programming vulnerabilities, inappropriate access control errors, and cross-workplace impersonation requests.
The average fourth error (a vulnerability that overrides restrictions) can only be triggered by an authenticated remote user.
Among the moderate bugs, cross-site programming vulnerabilities can be the most serious.
A successful attack allows remote attackers to steal confidential information, change the appearance of websites, and launch phishing attacks.