WordPress 5.8.1: A Security and Maintenance Release

WordPress has released version 5.8.1, a security and maintenance update. It fixes three security issues, so it is critical to update WordPress, particularly installations running versions 5.4 to 5.8.

Following a major version update, it’s typical for WordPress, or any software provider for that matter, to release a bug fix update to address unforeseen issues and provide enhancements that didn’t make it into the major release.

These upgrades are referred to as maintenance releases in WordPress.

WordPress Version 5.8.1 also comes with a security patch, which is unusual for the WordPress core software. And as a result, this latest update is more significant than a standard maintenance release.

Security updates

Three security issues have been discovered affecting WordPress versions 5.4 through 5.8. Patched releases have been issued for all WordPress versions since 5.4, so update if you haven’t already done so. The release addresses the following security vulnerabilities:

  • Within the REST API, there was a data exposure risk
  • The Gutenberg block editor had a Cross-Site Scripting (XSS) vulnerability
  • The Lodash JavaScript Library had multiple critical to high severity vulnerabilities

Because all three of the above vulnerabilities are so serious, the WordPress developers advise that all WordPress installations be updated right away.

The REST API Vulnerability

The WordPress REST API is a method for plugins and themes to communicate with the core of WordPress.

The REST API has been a source of security flaws in the past, most notably with the Gutenberg Template Library & Redux Framework flaw, which affected over a million websites.

This most recent flaw is classified as a data exposure flaw, meaning that sensitive information could be revealed. No further details about what kind of information was exposed have been published at this time; it could be anything from data as sensitive as passwords to information that might be used to launch an attack through another vulnerability.

The Gutenberg XSS Vulnerability

Vulnerabilities such as Cross-Site Scripting (XSS) are rather common. They can occur whenever a user input field, such as a contact or email form, is not “sanitised”, allowing scripts to be injected that cause undesirable behaviour in the WordPress installation.

XSS vulnerabilities can cause a lot of damage, according to the Open Web Application Security Project (OWASP):

“An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script.

Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.”

The Gutenberg block editor is affected by this particular recent vulnerability.

The Lodash JavaScript Library Vulnerabilities

These are possibly the most worrying flaws. The Lodash JavaScript library, a collection of utility scripts widely used by developers, has been discovered to contain several flaws.

Lodash 4.17.21 is the most recent and secure version.

The vulnerability is described on the CVE List website, which is maintained by the US Department of Homeland Security:

“Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.”
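Because Lodash is usually pulled in as a transitive dependency of build tooling rather than installed directly, a quick way to check whether a site’s JavaScript build still carries an affected copy is to walk the lockfile. The following is an added example, not code from the post or from WordPress: it assumes the nested `dependencies` shape of a v1 `package-lock.json`, and the sample lockfile and the `example-block-tooling` package in it are constructed for illustration.

```javascript
// Added example (not from the post or WordPress): audit a package-lock.json
// dependency tree for Lodash copies older than the fixed release 4.17.21.
// Lodash is frequently pulled in transitively, so nested "dependencies"
// entries (lockfile v1 shape, assumed here) must be walked too.

const FIXED_LODASH = '4.17.21';

// Compare two dotted versions numerically (e.g. "4.17.9" < "4.17.21");
// a plain string compare would get this wrong. Returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Recursively collect every lodash entry whose version predates the fix.
// Returns an array of { path, version } findings, where path shows the
// chain of packages that brought the old copy in.
function findVulnerableLodash(lock) {
  const findings = [];
  function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'lodash' && compareVersions(info.version, FIXED_LODASH) < 0) {
        findings.push({ path: here.join(' > '), version: info.version });
      }
      walk(info.dependencies, here); // transitive deps nest under each entry
    }
  }
  walk(lock.dependencies, []);
  return findings;
}

// Constructed sample lockfile: a direct lodash at the fixed version plus an
// old copy vendored under a hypothetical block-tooling dependency.
const SAMPLE_LOCK = {
  dependencies: {
    lodash: { version: '4.17.21' },
    'example-block-tooling': {
      version: '1.0.0',
      dependencies: { lodash: { version: '4.17.15' } },
    },
  },
};

console.log(findVulnerableLodash(SAMPLE_LOCK));
```

To run it against a real site build, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; an empty result means no pre-4.17.21 Lodash copy is present in that tree.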

WordPress Recommends Urgent Updates

This upgrade is more important than ever because of these security flaws. WordPress recommends that all WordPress website owners update.

According to the official WordPress notification, you should update:

“Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.4 have also been updated.”

Our WordPress experts can take care of all of your core, theme and plugin updates, as well as regular backups. If this is something you might want to consider, take a look at our WordPress Maintenance and Support packages.
