WordPress has again issued an emergency patch, this time for four serious vulnerabilities. WordPress 5.8.3 is available immediately.
WP_Meta_Query and WP_Query, two central and widely used classes of the content management system, were found to be vulnerable to SQL injection. A cross-site scripting (XSS) attack was possible via slugs (the unique name a page carries in its URL). Some WordPress installations were also susceptible to PHP object injection; the latter carries a risk of remote code execution (RCE).
WordPress 5.8.3 fixes these vulnerabilities, and patching is the urgent recommendation. According to the US National Vulnerability Database (NVD), the vulnerabilities are classified as serious.
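The report says object injection carries an RCE risk but does not show why. The following PHP snippet is an illustration added here; it is not WordPress code and does not reproduce the WordPress-specific trigger, which the report does not describe. It shows the general mechanism: a class with a side-effecting destructor (the hypothetical CacheWriter gadget), an attacker-supplied serialized string, the unsafe unserialize() call, and two mitigations. The payload, the file path and the HMAC key are constructed for the example.

```php
<?php
declare(strict_types=1);

// Added illustration, not WordPress code: how PHP object injection turns into
// code execution, and what a safe deserialization boundary looks like.

// A "gadget": a legitimate-looking class whose magic method has a side effect.
// Real code bases contain such classes for caching, logging, template rendering.
final class CacheWriter
{
    public string $path = '';
    public string $content = '';

    public function __destruct()
    {
        // Runs automatically when the object is destroyed. After unserialize()
        // of attacker data this happens without the application ever calling
        // a method on the object. With a path under the web root and PHP code
        // as content, the written file is a web shell, i.e. remote code execution.
        file_put_contents($this->path, $this->content);
    }
}

// Attacker-controlled serialized string (constructed for this example).
// O:11:"CacheWriter" instantiates the gadget; both properties are chosen by
// the attacker. A real payload would point at a file under the web root and
// carry PHP source that calls system() as the content.
$payload = 'O:11:"CacheWriter":2:{s:4:"path";s:14:"/tmp/pwned.txt";s:7:"content";s:5:"owned";}';

// VULNERABLE: unserialize() on untrusted input instantiates any class.
function vulnerable(string $untrusted): void
{
    $obj = unserialize($untrusted);
    unset($obj);   // destructor fires here; /tmp/pwned.txt now exists
}

// MITIGATION 1: refuse to instantiate classes at all. Objects in the input
// become __PHP_Incomplete_Class, whose magic methods never run.
function safe_no_objects(string $untrusted): mixed
{
    return unserialize($untrusted, ['allowed_classes' => false]);
}

// MITIGATION 2: only deserialize data the application itself produced,
// proven by an HMAC under a server-side secret. Combine with mitigation 1
// unless specific classes are genuinely required.
function safe_authenticated(string $blob, string $key): mixed
{
    $parts = explode('.', $blob, 2);
    if (count($parts) !== 2) {
        throw new RuntimeException('malformed blob');
    }
    [$mac, $data] = $parts;
    if (!hash_equals(hash_hmac('sha256', $data, $key), $mac)) {
        throw new RuntimeException('serialized blob failed authentication');
    }
    return unserialize($data, ['allowed_classes' => false]);
}

// Demonstration.
$key = 'constructed-demo-secret';   // in practice: random, loaded from a secrets store

$r = safe_no_objects($payload);
echo get_class($r), PHP_EOL;          // __PHP_Incomplete_Class, no file written

try {
    safe_authenticated('deadbeef.' . $payload, $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

$data    = serialize(['user' => 42, 'role' => 'editor']);
$trusted = hash_hmac('sha256', $data, $key) . '.' . $data;
var_dump(safe_authenticated($trusted, $key)['role']);   // string(6) "editor"

// vulnerable($payload);   // uncomment to watch the destructor write the file
```

Run with `php demo.php` (PHP 8 or later, because of the `mixed` return type). The practical rule the example encodes: never call unserialize() on data that crossed a trust boundary; prefer JSON for interchange, and where native serialization is unavoidable, authenticate the blob and disable class instantiation.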
The cause
At the end of 2021 the WordPress developers were under heavy load. The team had hoped to ship the platform's next major release (5.9) in December 2021. That plan proved unrealistic, and 5.9 was postponed to January 25, 2022.
Addison Stavlo, one of the open-source platform's developers, described the 5.9 development process as a "red flag" and "dangerously risky". Search Engine Journal, an online outlet, speculated that the vulnerabilities could have been avoided with more breathing room and more attention to security. That is a fair point, but the schedule pressure was only recent, whereas the vulnerabilities date back to 2013.