Version 5.5.2 of the WordPress content management platform has been released. The latest WordPress version fixes 10 security vulnerabilities, including one high-severity flaw that could be exploited to take over a targeted website.
A remote attacker could conduct a narrowly targeted denial of service attack, which could then be turned into a remote code execution issue. The vulnerability is due to how WordPress manages internal resources within the application and has been present in the platform for at least 3 years.
Exploitation of the flaw is difficult and hard to reproduce, which limits its practical impact. Even where the correct conditions exist, the DoS attack must be conducted with precision to trigger the remote code execution vulnerability. WordPress says there are no known cases of exploitation in the wild and that the probability of an attack exploiting the flaw is relatively low.
According to DeteAct founder Omar Ganiev, who discovered the flaw, “The principle is to trigger the DoS on the MySQL so that WordPress will think that it’s not installed and then un-DoS on the DB under the same execution thread.” Ganiev discovered the flaw around 3 years ago but only recently reported the issue to WordPress; the delay was due to him exploring different types of proof-of-concept exploits.
Four medium-severity flaws have been corrected, three of which could be exploited over the internet by a remote unauthenticated user. The fourth could only be exploited by a remote authenticated user. WordPress reports that one of the medium-severity flaws – a cross-site scripting vulnerability – could be exploited remotely to give an attacker access to sensitive data, to alter the appearance of a web page, and to use the site for phishing attacks and drive-by malware downloads. The flaw is due to improper sanitization of user-supplied data. To exploit it, an attacker would need to trick a victim into following a specially crafted link, causing HTML and script code to execute in the victim's browser in the context of the vulnerable website.
The flaws affect WordPress version 5.5.1 and earlier. If WordPress has not been set to update automatically, the update should be applied as soon as possible.