post-image

WordPress 5.5.3 – New security fixes

İletişim

WordPress 4.5 security fixes are now available for all versions of the popular blogging platform, including the newest version of WordPress.

WordPress 5.6 will be released in the coming weeks.

In a blog post on Monday, WordPress’ Chief Security Officer Andrew Crocker wrote that the latest version of the platform has been patched to fix an issue with the way it handles SSL certificates.

“This issue allows attackers to bypass HTTPS protection and use the web server to forge certificates that are not valid and trust-based,” Crocker said.

“While the issue affects all versions (5.5, 5.4, and 5.3) of WordPress, this issue has been addressed for the latest versions, 5-6.0, and we are aware of several other versions of WordPress as well.”

WordPress’ latest security fixes, published on Monday by Crocker, include fixes for the following vulnerabilities: * A denial of service vulnerability in the way the site handles SSL connections and sessions, where an attacker can cause a web server in a local network to repeatedly crash due to an unexpected error.

* An unauthenticated attack where an individual or an entity with administrative privileges could use a malicious certificate to gain administrative access to the WordPress.com site.

* A cross-site scripting (XSS) vulnerability that allows an attacker to inject JavaScript into a web page that is being displayed on a site hosted by WordPress.

If the page is used by an authenticated user, it can lead to a denial of services attack.

It is not clear when or if these updates will be rolled out to all users.

The latest version has not been officially released to the public, and it will be possible to access it for free through a free web hosting service.

A number of WordPress security fixes have also been released by the WordPress community in the past, including fixes for several issues with the WordPress core, a number of known security flaws, and the recent addition of HTTPS support.

WordPress users can download the latest security update through their WordPress dashboard.

Tags:
, , , ,