In the first week of December 2018, WordPress announced the release of its much-awaited update WordPress 5.0. Researchers testing the new version almost immediately found several serious security issues which jeopardized sensitive personal data like user email addresses and passwords and allowed unauthorized access to content management functions on sites within the platform. All versions of the platform 5.0 and older were affected by the vulnerabilities.
Less than a week later, on December 12th, company developers responded with the release of WordPress 5.0.1, a patch intended to address the vulnerabilities in the earlier version.
The bug that allowed access to emails and passwords by exploiting the Google website indexing service was only a threat to users who had not changed their passwords after the release of WordPress 5.0. The new version fixes that bug.
Changes were made to the MIME validation process after security researchers discovered that an attacker working through Apache-hosted sites could create modified files to bypass the validation process and carry out cross-site scripting attacks.
Ian Dunn, a WordPress developer, stated, “Before 5.0.1, WordPress did not require uploaded files to pass MIME type verification so files could be uploaded even if the contents didn’t match the file extension. For example, a binary file could be uploaded with a .jpg extension. This is no longer the case, and the content of uploaded files must now match their extension. Most valid files should be unaffected, but there may be cases when a file needs to be renamed to its correct extension.”
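Files uploaded before the update were never subject to this check, so site owners may want to audit what is already in their uploads folder. The script below is an added example, not WordPress code: it compares each file's leading bytes with the type its extension claims, using an assumed, deliberately small signature table and constructed sample files.

```python
import os
import tempfile

# Leading magic bytes for a few upload types (illustrative subset, not WordPress's list).
SIGNATURES = {"jpeg": (b"\xff\xd8\xff",), "png": (b"\x89PNG\r\n\x1a\n",),
              "gif": (b"GIF87a", b"GIF89a"), "pdf": (b"%PDF-",)}
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif", ".pdf": "pdf"}


def sniff(head):
    """Return the type whose signature starts the given bytes, or None."""
    for kind, magics in SIGNATURES.items():
        if head.startswith(magics):
            return kind
    return None


def audit_uploads(root):
    """Return sorted (relative path, claimed type, detected type) for mismatches."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            claimed = EXTENSIONS.get(os.path.splitext(name)[1].lower())
            if claimed is None:
                continue  # extension not covered by this check
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                detected = sniff(fh.read(16))
            if detected != claimed:
                findings.append((os.path.relpath(path, root), claimed, detected))
    return sorted(findings)


def demo():
    """Audit a constructed uploads tree (sample files are made up for this example)."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",    # JPEG header
        "logo.PNG": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",  # PNG header, upper-case ext
        "banner.jpg": b"<html><script>1</script></html>",    # markup named .jpg
        "report.pdf": b"GIF89a\x01\x00\x01\x00",             # GIF named .pdf
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_uploads(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To scan a real site, call `audit_uploads()` on the path to `wp-content/uploads`. A matching signature only shows that the file starts like its claimed type, so treat a clean result as a coarse filter rather than proof that a file is harmless.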
The new version addresses other vulnerabilities such as the ability to alter metadata to delete files without authorization and to craft input that would allow the creation of unauthorized posts. A full list of vulnerabilities found and fixes implemented with WordPress 5.0.1 has been published by the company.
Users with websites on WordPress 5.0 should update to WordPress 5.0.1 as soon as they can. Those who have enabled automatic updates should already have the new version, but because of the types of vulnerabilities that were discovered, it is recommended that they run the update manually to be safe.
Those who are still using older WordPress 4.X versions should install 4.9.9 as soon as possible. There have been reports of automatic updates not working for this version, so again the update should be done manually to make sure.