WordPress has released an emergency patch for four major vulnerabilities. WordPress 5.8.3 is available immediately.
WP_Meta_Query and WP_Query, two important and widely used classes in the content management system, were found to be vulnerable to SQL injection. XSS attacks were possible through post slugs (the unique names of pages in URLs). Some WordPress multisites were also susceptible to PHP object injection. The latter creates a risk of remote code execution (RCE).
WordPress 5.8.3 fixes these vulnerabilities. Patching is urgently advised. According to the US National Vulnerability Database, the vulnerabilities are serious.
Cause
At the end of 2021, the WordPress developers faced a difficult task. The team had hoped to ship the platform's next major release (5.9) in December 2021. That plan turned out to be unachievable. 5.9 was postponed to January 25, 2022.
Addison Stavlo, one of the developers of the open-source platform, described the 5.9 development process as a "red flag" and "dangerously rushed". Search Engine Journal, an online publication, speculates that the vulnerabilities could have been prevented with more time and more attention to security. That has some merit, but the work pressure is temporary. The vulnerabilities have existed since 2013.