Multiple Vulnerabilities in Wordpress

Post author:shashikant redekar
Post published:May 28, 2021
Post category:Vulnerabilities
Post comments:0 Comments

Original Issue Date: May 28, 2021

Severity Rating: HIGH

Software Affected

WordPress versions 3.7 to 5.7, PHPMailer library versions 6.1.8 to 6.4.0

Overview

Multiple vulnerabilities have been reported in WordPress which could be exploited by a remote attacker to perform Code Injection, SQL Injection, Path Traversal and Denial of Service, depending on the context, on the targeted system.

USB Port Lock and Key| RJ 45 Blocker | Cyber Security | Data Security | usb port lock software, usb port lock, link lock, usb port blocker, usb port, full form of usb in computer, usb types, usb stand for

Description

These vulnerabilities exist in the PHPMailer library due to improper sanitisation of user-supplied input. An attacker could pass ad-hoc serialized strings to a vulnerable unserialize() call and inject arbitrary PHP objects into the application scope.

Successful exploitation of these vulnerabilities could allow the attacker to perform code injection, SQL injection, path traversal and denial of service, depending on the context on the targeted system.

Solution

Apply appropriate fixes as issued by vendor in the following link:

https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/

Please Share This Share this content

You Might Also Like

Multiple vulnerabilities in Cisco SD-WAN

Multiple vulnerabilities in Microsoft product

Multiple Vulnerabilities in Google Android

Leave a Reply Cancel reply

Share this content