WordPress 5.0.1 Important Security Release


Orlando WordPress Developer

If you have a WordPress website, you are probably aware that WordPress 5.0 was released last week (in case you missed it, check out last week’s article). Since then, a few very important security vulnerabilities have emerged in sites that have updated to the latest version of WordPress. Keep reading to learn how to stay safe with WordPress 5.0.1.

Vulnerabilities in WordPress 5.0

WordPress 5.0.1 was released Wednesday night to address the security vulnerabilities detected in WordPress 5.0. Here are the major ones that are fixed in 5.0.1:

  • Sensitive Data Exposure

It was discovered that the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.

  • PHP Object Injection

A WordPress user discovered that contributors could craft metadata in a way that resulted in PHP object injection. This vulnerability allows an author to assign an arbitrary file path to an attachment. The file path supplied by the author uses the phar:// stream wrapper on a previously uploaded attachment, which leads to object injection through a “feature” of the PHAR file type: it stores serialized objects in the metadata of the PHAR file.

  • Unauthorized Post Creation

This means authors can create posts of unauthorized post types with specially crafted input.

  • Privilege Escalation / XSS

This vulnerability means contributors can edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.

  • Privileged XSS

In this scenario, users with ‘author’ privileges on Apache-hosted sites could upload specially crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.

  • XSS That Could Impact Some Plugins

A WordPress user discovered specially crafted URL inputs can lead to a cross-site scripting vulnerability in some circumstances.

  • Unauthorized File Deletion

This vulnerability gives author-level users the ability to alter metadata to delete files that they weren’t authorized to delete.
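
The PHP Object Injection and Unauthorized File Deletion items above both involve author-altered attachment metadata. The check below is an added example, not WordPress core code or the 5.0.1 patch: it rejects stored attachment paths that use a stream wrapper such as phar:// or that resolve outside the uploads directory. The function name, the uploads path (POSIX-style) and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example: validate an attachment path taken from post metadata
// before any filesystem function touches it. Not WordPress core code.

function is_safe_attachment_path(string $path, string $uploadsDir): bool
{
    // Reject stream wrappers (phar://, php://, http://, ...), any letter case.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', ltrim($path)) === 1) {
        return false;
    }
    // Reject empty values and NUL bytes.
    if ($path === '' || strpos($path, "\0") !== false) {
        return false;
    }
    // Resolve the path lexically, so the untrusted value is never
    // passed to realpath(), file_exists() or similar calls.
    $base = rtrim(str_replace('\\', '/', $uploadsDir), '/');
    $candidate = str_replace('\\', '/', $path);
    if ($candidate[0] !== '/') {
        $candidate = $base . '/' . $candidate; // stored paths are usually relative
    }
    $parts = [];
    foreach (explode('/', $candidate) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            if (array_pop($parts) === null) {
                return false; // climbs above the filesystem root
            }
            continue;
        }
        $parts[] = $segment;
    }
    $resolved = '/' . implode('/', $parts);
    // Accept only paths strictly inside the uploads directory.
    return strncmp($resolved, $base . '/', strlen($base) + 1) === 0;
}

$uploads = '/var/www/html/wp-content/uploads'; // assumed install location
$samples = [                                   // constructed metadata values
    '2018/12/photo.jpg',
    'phar://2018/12/photo.jpg',
    'PHAR://2018/12/photo.jpg',
    '../../wp-config.php',
    '/var/www/html/wp-config.php',
];
foreach ($samples as $value) {
    $verdict = is_safe_attachment_path($value, $uploads) ? 'accept' : 'reject';
    printf("%-32s %s\n", $value, $verdict);
}
```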

How to Fix these WordPress 5.0 Vulnerabilities

Since 5.0.1 is a minor update, users who have automatic updates turned on should have 5.0.1 installed on their websites automatically. However, if you have automatic updates off, we recommend you manually update to WordPress 5.0.1 to protect yourself from the vulnerabilities mentioned above.


Orlando WordPress Maintenance

Are you struggling with WordPress 5.0 and want to keep your website safe? Contact us! We are Orlando WordPress specialists with over 14 years of experience in the web design industry.


Author

M5 Design Studio

We are a small, but creative and passionate team of designers and developers specializing in web design, graphic design, branding & digital marketing.

