DataSec Peripherals Pvt Ltd

Multiple Vulnerabilities in WordPress

Original Issue Date: May 28, 2021

Severity Rating: HIGH

Software Affected

WordPress versions 3.7 to 5.7, PHPMailer library versions 6.1.8 to 6.4.0

Overview

Multiple vulnerabilities have been reported in WordPress which could be exploited by a remote attacker to perform Code Injection, SQL Injection, Path Traversal and Denial of Service, depending on the context, on the targeted system.

Description

These vulnerabilities exist in the PHPMailer library due to improper sanitisation of user-supplied input. An attacker could pass ad-hoc serialized strings to a vulnerable unserialize() call and inject arbitrary PHP objects into the application scope.

Successful exploitation of these vulnerabilities could allow the attacker to perform code injection, SQL injection, path traversal and denial of service, depending on the context, on the targeted system.
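The general unserialize() pattern described above, shown next to a hardened form, as an added example that is not code from PHPMailer, WordPress or this advisory. The class `AuditProbe`, the functions `decodeLegacy`, `containsObject` and `decodeStrict`, and the sample inputs are hypothetical names constructed for illustration; PHP 7.4 or later is assumed.

```php
<?php
// Constructed stand-in for any application class with a magic method (hypothetical, not PHPMailer code).
final class AuditProbe
{
    public static int $wakeups = 0;

    public function __wakeup(): void
    {
        self::$wakeups++; // runs whenever unserialize() rebuilds this class
    }
}

// Pattern the advisory describes: the input decides which classes are built.
function decodeLegacy(string $input)
{
    return unserialize($input);
}

// True if the value is, or contains, an object (blocked classes arrive as __PHP_Incomplete_Class).
function containsObject($value): bool
{
    return is_object($value)
        || (is_array($value) && array_filter($value, 'containsObject') !== []);
}

// Hardened form: no class is instantiated and only plain arrays are accepted.
function decodeStrict(string $input): array
{
    $value = @unserialize($input, ['allowed_classes' => false]);
    if (!is_array($value) || containsObject($value)) {
        throw new InvalidArgumentException('expected a serialized array of plain values');
    }
    return $value;
}

// Constructed sample inputs.
$plain   = serialize(['to' => 'ops@example.test', 'retries' => 3]);
$withObj = serialize(['to' => 'ops@example.test', 'extra' => new AuditProbe()]);

decodeLegacy($withObj);
echo 'wakeups after legacy decode: ', AuditProbe::$wakeups, "\n";
var_dump(decodeStrict($plain) === ['to' => 'ops@example.test', 'retries' => 3]);
try {
    decodeStrict($withObj);
} catch (InvalidArgumentException $e) {
    echo 'strict decode rejected input: ', $e->getMessage(), "\n";
}
echo 'wakeups after strict decode: ', AuditProbe::$wakeups, "\n";
```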

Solution

Apply the appropriate fixes issued by the vendor at the following link:

https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/
