BrightPlugins_Logo_Horizontal

Black Friday is here! 30% OFF on ALL our Pro Plugins

coupon: black-friday-30off
Buy now
state-of-wordpress-security-in-2023

WordPress 6.0.3 Security Update – 16 Vulnerabilities That Must Be Fixed

Contents

The WordPress 6.0.3 Security Update contains patches for many vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code to exploit.

We want to share these vulnerabilities so you know them and take action to avoid a potentially hacked site.

1. Authenticated (Contributor+) Stored Cross-Site Scripting via RSS Widget/Block
Affected Versions: WordPress Core < 6.0.3 & Gutenberg < 14.3.1
Researcher:  N/A
CVE ID: Pending
CVSS Score: 6.4(Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Fully Patched Version: 6.0.3
Changeset: https://core.trac.wordpress.org/changeset/54543

A contributor-level attacker could create a page on a site they controlled that returned an error code and a malicious script in the Content-Type response header. 

2. Authenticated Stored Cross-Site Scripting via Search Block
Affected Versions: WordPress Core < 6.0.3 & Gutenberg < 14.3.1
Researcher: Alex Concha
CVE ID: Pending
CVSS Score: 6.4(Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Fully Patched Version: 6.0.3
Changeset: https://core.trac.wordpress.org/changeset/54543

It is possible for users that can edit posts to inject malicious JavaScript via the Search Block’s Text color and Background color attributes. 

Description: Authenticated Stored Cross-Site Scripting via Featured Image Block
Affected Versions: WordPress Core < 6.0.3 & Gutenberg < 14.3.1
Researcher: N/A
CVE ID: Pending
CVSS Score: 6.4(Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Fully Patched Version: 6.0.3
Changeset: https://core.trac.wordpress.org/changeset/54543

Enjoying this article?
Share it on social media!

Check out another blog post!

Guide to Updating WordPress and Key Fixes in Version 6.6.1
Understanding the Importance of Updates Regular WordPress updates are vital for site security, functionality, and performance. They fix vulnerabilities, enhance features, and ensure compatibility with the latest web standards. Preparing for the Update Manual Update Process Automatic Update Process Post-Update Checks Handling Update Issues Essential Points Key Fixes and Enhancements in WordPress 6.6.1 Overview of […]
Read more
WordPress in 2024: Key Updates and Innovations
Major Releases and Features In 2024, WordPress plans three significant updates: version 6.5 in March, 6.6 in July, and 6.7 in November. These updates will continue the Gutenberg project’s Phase 3, focusing on enhanced real-time collaboration, typography management, and improved publishing workflows. Voice Search Optimization With voice search becoming increasingly popular, WordPress will integrate voice […]
Read more
Enhancing Your Website’s Security: A Comprehensive Guide
Securing a WordPress site is crucial to protect it from various threats and vulnerabilities. Here are some essential steps to enhance your WordPress security based on guidelines from multiple sources: Key Security Measures Additional Security Tips Summary of Key Points By following these steps, you can significantly enhance the security of your WordPress site, protecting […]
Read more
What Are Some Common WordPress Security Issues
WordPress is a powerful and widely-used platform, but its popularity also makes it a target for cyberattacks. Ensuring your WordPress site is secure is crucial to protecting your data, maintaining your reputation, and providing a safe experience for your users. Here are some of the most common security issues that WordPress sites face and practical […]
Read more
Wordpress-global-reach-state-of-the-word-2024-in-tokyo
WordPress’s Global Reach: State of the Word 2024 in Tokyo
In a landmark announcement, WordPress co-founder Matt Mullenweg revealed that the 2024 State of the Word will be hosted in Tokyo, Japan, on December 16. This event marks only the second time the annual address will take place outside North America, following last year’s event in Madrid, Spain. The choice of location highlights the global […]
Read more
wordpress-sop-security-protocols
WordPress Website Security Protocols Standard Operating Procedure (SOP)
Security Measures You Need to Consider When Managing a WordPress Website In your ongoing commitment to safeguarding digital assets and enhancing website security, we are implementing comprehensive security protocols for WordPress website management. These measures are designed to protect against unauthorized access and ensure that your team adheres to the best practices in digital security. […]
Read more
1 2 3 6
Back to all Blog posts
BrightPlugins_Logo_Horizontal
Subscribe to our Newsletter

Subscribe

This field is for validation purposes and should be left unchanged.
Visit our FacebookVisit our InstagramVisit our TwitterVisit our LinkedInVisit our YouTube channel
Copyright © 2024 All Rights Reserved to Bright Plugins
arrow-leftarrow-right linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram