WordPress announces an urgent fix for four serious vulnerabilities. WordPress 5.8.3 is available immediately.
WP_Meta_Query and WP_Query, two important and widely used classes in the content management system, were found to be vulnerable to SQL injection attacks. XSS attacks were possible through post slugs (the unique names of pages in URLs). Some WordPress multisite installations were susceptible to PHP object injection. The latter creates a risk of remote code execution (RCE).
WordPress 5.8.3 fixes these vulnerabilities. Patching is urgently advised. According to the US National Vulnerability Database, the vulnerabilities are significant.
Cause
At the end of 2021, the WordPress developers faced a difficult task. The team had hoped to ship the platform's next release (5.9) in December 2021. That plan proved unachievable. 5.9 was postponed to January 25, 2022.
Addison Stavlo, one of the developers of the open-source platform, described the 5.9 development process as a "red flag" and "dangerously rushed". Search Engine Journal, an online publication, speculates that the vulnerabilities could have been prevented with more time and attention to security. That is a valid point at its core, but the work pressure is temporary. The vulnerabilities have existed since 2013.