WordPress speedily addressed a security issue in new version 6.3.2, which fixes over 49 vulnerabilities, within hours of multiple blog reports surfacing on the CVE-2023-45603 vulnerability found in user-submitted posts.
Approximately five hours ago, WordPress responded to the situation by swiftly addressing the issue, and published an article announcing the availability of the new update.
In a post issued a few hours ago titled “WordPress 6.3.2 - Maintenance and Security release”, WordPress stated that:
“This security and maintenance release features 19 bug fixes on core, 22 bug fixes for the block editor, and 8 security fixes.”
The eight major security updates are based on the following reports:
- The first security flaw pertains to a potential exposure of user email addresses.
- The second security flaw is linked to a Remote Code Execution (RCE) vulnerability through POP chains.
- The third vulnerability is connected to a Cross-Site Scripting (XSS) issue within the post link navigation block.
- The fourth issue revolves around the inadvertent exposure of private post comments to other users.
- The fifth flaw enables logged-in users to execute malicious shortcodes.
- The sixth issue was discovered through a third-party security audit, which identified an XSS vulnerability in the password screen.
- The seventh issue is an XSS vulnerability found in the footnotes block.
- The eighth issue is associated with Cache Poisoning, resulting in a Denial of Service (DoS) vulnerability.
WordPress disclosed that version 6.3.2 is a short-cycle release, and provided a link to the maintenance updates in the release.
WordPress emphasized that:
“Because this is a security release, it is recommended that you update your sites immediately. Backports are also available for other major WordPress releases, 4.1 and later”
The open source project stated that the next major release, version 6.4, should be expected on 7th November 2023.
WordPress also congratulated all the security bug researchers and contributors to the 6.3.2 update.
We at FixitGearWare Security strongly recommend that users with CMS (Content Management System) and CRM (Customer Relationship Management) systems operating on the WordPress application promptly implement proactive security measures.
Please let us know your thoughts about this in the comment section.