
Security vulnerability update for WordPress 6.02

Published on Sep 03, 2022

WordPress has released an update containing bug fixes and security patches that address three vulnerabilities ranging from severe to medium severity.

The update may already have been downloaded and installed automatically, so it is essential to check that the website has been updated to 6.02 and that everything still works as expected.

There have been several bug fixes.
Twelve fixes have been made to the WordPress core, and five fixes have been made to the block editor as part of this update.

One of the notable changes is an improvement to the Pattern Directory that helps theme authors serve just the patterns related to their themes.

The goal of this change is to make the Pattern Directory more appealing to theme authors and to give publishers a better user experience, so that both use it more often.

A total of three security patches have been released
The first vulnerability is described as a high-severity SQL injection vulnerability.

By exploiting a SQL injection vulnerability, an attacker can query the website’s database and add, view, delete, or modify sensitive information from the database that underpins the website.

According to a report by Wordfence at the time of writing, WordPress 6.02 patches a high-severity SQL injection vulnerability, but exploiting it requires administrative privileges.

The second and third vulnerabilities have been described as Stored Cross-Site Scripting flaws, one of which is reported not to affect the “vast majority” of WordPress publishers.

A new version of the Moment JavaScript Date Library has been released
One more vulnerability was fixed, although it was not part of the WordPress core software. It is in a JavaScript date library called Moment that WordPress uses to store data.

The vulnerability in the JavaScript library has been assigned a CVE number, and details about this vulnerability can be found in the National Vulnerability Database of the U.S. government. It is documented as a bug fix on the WordPress website.
