In early January 2022, the WordPress Core Security development team announced a security vulnerability in WordPress core files. This threat is considered serious, with a high level of vulnerability.
What are the details of the WordPress core security issue? Then, how to deal with it? Read this article to the end, okay!
Table of Contents
Four WordPress Core Security Flaws
The WordPress core files harbor security allegedly, this was caused by a development error from the WordPress team itself.
The U.S. government’s National Vulnerability Agency said that the issue with WordPress’ core was a vulnerability level 8, on a scale of 1 to 10.
Together with the team from WordPress, the organization was able to identify threats in core files into four types, namely :
- SQL Injection in the WP_Meta_Query file (high vulnerability rating, rating 7.4). This issue is caused by a lack of sanitization (cleaning) of the data on the file, resulting in a potential attack through malicious SQL commands.
- SQL Injection in WP_Query file (high vulnerability rating, 8.0 rating). The cause of this threat is due to inappropriate data sanitation. This allows SQL attacks to occur via malicious plugins or themes.
- Starred Cross Site Scripting (XSS) (high vulnerabilities, rating 8.0). This vulnerability makes it easier for low-level users (e.g. contributors) to attack higher-level users (e.g. admins) with malicious XSS commands.
- Authenticated Object Injection (medium vulnerability rating, 6.6 rating). On a multisite website, users with Super Admin level can bypass security barriers under certain conditions via object injection.
Two of the four core WordPress vulnerabilities occur because of errors in the data sanitization process. So, what is data sanitization actually? Check it out in the next point!
Cause Of Threats : Data Sanitization Issues In WordPress
Data sanitization is the process of cleaning or filtering the data that enters the database. Good data from user input, API, or other web services. The point is to ensure the database is not compromised by malicious data.
Well, the imperfect data sanitization process causes intruders to penetrate the database through malicious SQL commands. As a result, they can access all information stored in databases, including sensitive information.
In fact, the sanitization system in WordPress Core Security Issues Threatening Millions Of Websites quite sophisticated because it is able to ward off 16 types of dangerous threats. But for some reason, intruders are still able to penetrate the security system fortunately, WordPress acted quickly to patch the security vulnerability. How’s the detail? Find it out in the next point!
WordPress Update So The Solution
Not long after the security threats appeared, the WordPress development team immediately released the latest updates. Namely, version 5.8.3 which focuses on fixing the already mentioned security issues. Therefore, the release does not bring new features.
So, that’s why as a WordPress user, you are encouraged to update immediately. This is a precautionary measure so that your website does not become a victim of malicious attacks that can happen at any time.
Then, how to update WordPress? Easy, visit your WordPress dashboard, then select the Updates menu. On this page, the latest version 5.8.3 will appear, click the Update Now button.
WordPress update will take place, please wait for the process to finish. If so, you will see a screen like the one below, it means the WordPress update has been successful.
Although it seems easy, updating WordPress is sometimes a hassle because you have to manually check. Fortunately, we have a practical solution, namely the Auto Update WordPress feature, this feature is available for you Niaga hoster customers.
Immediately Secure Your WordPress Website!
Now, you have identified the security loophole in Core WordPress Core Security Issues Threatening Millions Of Websites. You also know that updating your WordPress version, either manually or automatically, is a great way to deal with this.
Even so, using the latest version of WordPress is only one way to keep your website secure. There are lots of things you need to do, such as enabling SSL and installing security plugins.