WordPress update fixes a series of high-severity vulnerabilities


Developers at WordPress have pushed out an automatic update to millions of users, patching their websites and eliminating multiple vulnerabilities. 

Some of these vulnerabilities were so severe that, if exploited, they could allow an attacker to completely take over the site, whereas others were less dangerous and required some level of admin access to be exploited.

In total, four vulnerabilities were patched with WordPress version 5.8.3. Webmasters and other administrators are advised to double-check the version of WordPress their site runs on, to make sure they cannot be targeted.
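One way to run that version check across a fleet of installs, as an added example that is not code from the article, WordPress or Wordfence. It assumes the standard `wp-includes/version.php` file that sets `$wp_version`. The sample file contents and the status labels are constructed for illustration, and because the article gives no version numbers for the backported fixes, older branches are only flagged for manual review.

```python
import re
import sys

FIXED = (5, 8, 3)           # security release named in the article
FIRST_AUTO_UPDATE = (3, 7)  # first version with automatic core security updates

# Constructed sample of what wp-includes/version.php contains.
SAMPLE_VERSION_PHP = """<?php
$wp_version = '5.8.2';
$wp_db_version = 49752;
"""

_ASSIGN_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def read_wp_version(version_php_text):
    """Extract the $wp_version string from version.php contents, or None."""
    m = _ASSIGN_RE.search(version_php_text)
    return m.group(1) if m else None


def classify(version):
    """Map a WordPress version string to a status label (labels are hypothetical)."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "unknown"
    major, minor, patch, suffix = m.groups()
    v = (int(major), int(minor), int(patch or 0))
    if suffix:                      # e.g. 5.9-beta1: not a stable release
        return "prerelease-review"
    if v >= FIXED:
        return "patched"
    if v[:2] == FIXED[:2]:          # 5.8.0 - 5.8.2
        return "update-to-5.8.3"
    if v[:2] >= FIRST_AUTO_UPDATE:  # backported fix exists; number not in article
        return "check-branch-security-release"
    return "no-auto-update"         # older than 3.7


if __name__ == "__main__":
    # Usage: python check_wp.py /path/to/wp-includes/version.php
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_VERSION_PHP
    found = read_wp_version(text)
    print(found, classify(found))
```
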

Big platform, big target

Analyzing the security release, WordPress security plugin developers Wordfence said the patch was backported to every version of WordPress since 3.7, the first version that supports automatic core updates for security releases. That means that practically all websites should be secure, as “any sites that remain vulnerable would only be exploitable under very specific circumstances.”

WordPress is the world’s most popular website builder, and as such, is often the target of malicious actors and other cyber crooks. It offers users a web store with thousands of plugins, many of which could carry dangerous vulnerabilities. 

Less than a month ago, it was reported that more than 800,000 WordPress websites were still vulnerable to a “simple” takeover vulnerability, due to not patching up the “All in One” SEO WordPress plugin.

Automattic security researcher Marc Montpas, who first spotted the flaws, said abusing these flaws on vulnerable sites is easy, as all the attacker needs to do is change “a single character to uppercase” to circumvent all privilege checks.

Roughly two months ago, a vulnerability in the Starter Templates - Elementor, Gutenberg & Beaver Builder Templates plugin allowed contributor-level users to completely overwrite any page on the site and embed malicious JavaScript at will. In this case, more than a million sites were at risk.

The same month, the “Preview E-mails for WooCommerce” plugin was also found to hold a serious flaw, potentially allowing attackers complete site takeover. The plugin was used by more than 20,000 sites. 


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
