WordPress inosuma chigamba chekukurumidzira kune ina dzakakomba kusagadzikana. WordPress 5.8.3 inowanikwa nekukasira.
WP_Meta_Query uye WP_Query, makirasi maviri akakosha uye anoshandiswa zvakanyanya mune yemukati manejimendi system, akawanikwa ari panjodzi yekurwiswa neSQL jekiseni. Kurwiswa kweXSS kwakaitwa kuti kugoneke nepost slugs (iro rakasarudzika zita remapeji muURL). Mamwe maWordPress multisites aive zvakare akarerekera kune PHP chinhu jekiseni. Iyo yekupedzisira inogadzira njodzi yekuremote kodhi kuuraya (RCE).
WordPress 5.8.3 inogadzirisa kusagadzikana uku. Patching ndiro zano rekukurumidza. Zvinoenderana neUS National Vulnerability Database, kusazvibata kwakakosha.
Zano: Log4Shell - isina kumboitika maitiro, zvidzidzo zvakaoma kune vanogadzira software
Cause
Pakupera kwa2021, vagadziri veWordPress vakatarisana nebasa rinorema. Chikwata ichi chaitarisira kuburitsa kuburitswa kukuru kunotevera kwepuratifomu (5.9) muna Zvita 2021. Hurongwa hwakazove husingaite. 5.9 yakamisikidzwa kusvika Ndira 25, 2022.
Addison Stavlo, mumwe wevagadziri veakavhurika-sosi chikuva, akatsanangura iyo 5.9 kuvandudza maitiro se "mutsvuku mureza" uye "kumhanyisa zvine njodzi". Tsvaga Engine Journal, svikiro yepamhepo, inofungidzira kuti kusasimba kwacho kungadai kwakadziviswa nenzvimbo yakawanda uye kutarisa kune chengetedzo. Izvo zvine musimboti wekukosha, asi kumanikidzwa kwebasa ndekwenguva pfupi. Kusagadzikana kwave kuripo kubva 2013.