WordPress issues an emergency release for four vulnerabilities. WordPress 5.8.3 is available immediately.
WP_Meta_Query and WP_Query, two core classes that are widely used in content management, were found to be vulnerable to SQL injection. XSS attacks were possible through post slugs (the unique name of a page in URLs). Some WordPress multisites were also exposed to PHP object injection. The latter creates a risk of remote code execution (RCE).
WordPress 5.8.3 fixes these vulnerabilities. The urgent advice is to patch. According to the US National Vulnerability Database, the vulnerabilities are critical.
Cause
At the end of 2021, the WordPress developers were under heavy workload. The team had hoped to ship the platform's next major release (5.9) in December 2021. Those plans proved unrealistic. 5.9 was postponed to January 25, 2022.
Addison Stavlo, one of the developers of the open-source platform, described the development of 5.9 as "a red flag" and "very scary". Search Engine Journal, an online publication, suggests that the vulnerabilities could have been prevented with more room and attention for security. There is some merit to that, but the high workload is temporary. The vulnerabilities have been around since 2013.