Home > Cyber News > Critical Vulnerability Fixed in WordPress 5.7.2

Critical Vulnerability Fixed in WordPress 5.7.2

WordPress 5.7.2 Vulnerability Patch Now

Security researchers reported that an Object Injection Vulnerability is found in WordPress. The vulnerability impact has been rated as “critical” by the National Vulnerability Database. WordPress users should patch their sites as soon as possible.

The Critical Object Injection Vulnerability

The Object injection in PHPMailer security issue which is addressed by two vulnerabilities – CVE-2020-36326 and CVE-2018-19296, has alerted the cybersecurity space.

The flaw is rated at near the highest level of danger. On a scale of 1 to 10 using the Common Vulnerability Scoring System (CVSS), the latest CVE-2020-36326 is rated at 9.8.

The Owasp.org security website describes this PHP Object Injection vulnerability in the following way:

PHP Object Injection is an application-level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal, and Application Denial of Service, depending on the context.

According to an analysis of the official United States government National Vulnerability Database, the problem happened because of a fix for the previous vulnerability (CVE-2018-19296) which is also associated with the PHPMailer module. Apparently, the previous fix created a new vulnerability that demanded the immediate release of a WordPress update.

The critical WordPress vulnerability has been patched. The patch updates the WordPress system to version 5.7.2.

How to Update WordPress to Version 5.7.2

Which WordPress versions are affected by this critical vulnerability? Actually, the security issue is reported to affect WordPress versions between 3.7 and 5.7. Happily, all WordPress versions since 3.7 have been updated to fix the Object injection in PHPMailer vulnerability.

All sites that are set to download available updates automatically should be up to date now. In such a case publishers don’t have to take any additional actions. Still, all publishers are encouraged to check what WordPress version they are using and ensure that their sites are updated to version 5.7.2.

Site owners could also update to WordPress 5.7.2 manually by downloading the patch from WordPress.org, or visiting the WordPress Dashboard, selecting Updates, and clicking Update Now.

Gergana Ivanova

Highly motivated writer with 5+ years of experience writing for ransomware, malware, adware, PUPs, and other cybersecurity-related issues. As a writer, I strive to create content that is based on thorough technical research. I find joy in the process of creating articles that are easy to understand, informative, and useful. Follow me on Twitter (@IRGergana) for the latest in the field of computer, mobile, and online security.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share