BrightPlugins_Logo_Horizontal
state-of-wordpress-security-in-2023

WordPress 6.0.3 Security Update – 16 Vulnerabilities That Must Be Fixed

Contents

The WordPress 6.0.3 Security Update contains patches for many vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code to exploit.

We want to share these vulnerabilities so you know them and take action to avoid a potentially hacked site.

1. Authenticated (Contributor+) Stored Cross-Site Scripting via RSS Widget/Block
Affected Versions: WordPress Core < 6.0.3 & Gutenberg < 14.3.1
Researcher:  N/A
CVE ID: Pending
CVSS Score: 6.4(Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Fully Patched Version: 6.0.3
Changeset: https://core.trac.wordpress.org/changeset/54543

A contributor-level attacker could create a page on a site they controlled that returned an error code and a malicious script in the Content-Type response header. 

2. Authenticated Stored Cross-Site Scripting via Search Block
Affected Versions: WordPress Core < 6.0.3 & Gutenberg < 14.3.1
Researcher: Alex Concha
CVE ID: Pending
CVSS Score: 6.4(Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Fully Patched Version: 6.0.3
Changeset: https://core.trac.wordpress.org/changeset/54543

It is possible for users that can edit posts to inject malicious JavaScript via the Search Block’s Text color and Background color attributes. 

Description: Authenticated Stored Cross-Site Scripting via Featured Image Block
Affected Versions: WordPress Core < 6.0.3 & Gutenberg < 14.3.1
Researcher: N/A
CVE ID: Pending
CVSS Score: 6.4(Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Fully Patched Version: 6.0.3
Changeset: https://core.trac.wordpress.org/changeset/54543

Enjoying this article?
Share it on social media!

Check out another blog post!

wordpress-sop-security-protocols
WordPress Website Security Protocols Standard Operating Procedure (SOP)
Security Measures You Need to Consider When Managing a WordPress Website In your ongoing commitment to safeguarding digital assets and enhancing website security, we are implementing comprehensive security protocols for WordPress website management. These measures are designed to protect against unauthorized access and ensure that your team adheres to the best practices in digital security. […]
Read more
why-you-might-need-the-woocommerce-brands-plugin
,
Why You Need the WooCommerce Brands Plugin
The WooCommerce Brands plugin adds brand functionality to your WooCommerce store, allowing you to organize and showcase products by their manufacturers, designers, or brands. This functionality provides several benefits and differs from simply using product categories in a few key ways: Why You Might Need the WooCommerce Brands Plugin Brand Recognition: Customers often shop based […]
Read more
WordPress Hooks Actions Filters
A Guide to WordPress Hooks, Actions, and Filters
Welcome to “A Guide to WordPress Hooks, Actions, and Filters.” In the vast realm of WordPress development, understanding hooks, actions, and filters is essential for unlocking the full potential of this powerful platform. Hooks serve as the backbone of WordPress customization, allowing you to seamlessly modify and extend its functionality. Actions enable you to perform […]
Read more
Future of WordPress 2025
The Future of WordPress by 2025
WordPress has come a long way since its launch in 2003 as a simple blogging platform. Today, it powers over 40% of all websites, including some of the world’s most popular sites, such as The New York Times, CNN, and Forbes. But what does the future hold for WordPress, and where is the platform headed […]
Read more
state-of-wordpress-security-in-2023
State of WordPress Security In 2023
The challenge is the ever-evolving state of WordPress security in 2023, safeguarding against the newest cyber threats. WordPress has been a popular website CMS platform since its inception in 2003. However, with popularity comes the risk of security threats. As we enter 2023, it’s essential to take stock of the current state of WordPress security. WordPress […]
Read more
Image for New Linux-malware exploits backdoors
New Linux Malware Exploits Backdoors to over 30 Plugins on WordPress sites
The recent emergence of a new Linux malware is cause for alarm among webmasters and website administrators. The unknown malicious code exploits over 30 plugins to gain backdoor access to WordPress sites. According to cyber security experts, this exploit could be used by hackers for malicious activities ranging from data theft and manipulation to distributed […]
Read more
1 2 3 6
Back to all Blog posts
BrightPlugins_Logo_Horizontal
Subscribe to our Newsletter

Subscribe

This field is for validation purposes and should be left unchanged.
Visit our FacebookVisit our InstagramVisit our TwitterVisit our LinkedInVisit our YouTube channel
Copyright © 2024 All Rights Reserved to Bright Plugins
arrow-leftarrow-right linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram