WordPress 6.0.3 Security Release – Updated?

WordPress 6.0.3 Security Update

A number of my clients asked, “Have you updated my WordPress today?”

Answer: Yes.

As part of our HackGuard.com service, whenever a security release is posted, we work to ensure all of our clients’ sites are updated the same day.

Why this week?

WordPress 6.0.3 Security Release was posted this week.

Over 16 patches were made in this WordPress release:

1 Stored XSS via wp-mail.php
– contributed by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT

2 Open redirect in `wp_nonce_ays`
– contributed by devrayn

3 Sender’s email address is exposed in wp-mail.php
– contributed by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT

4 Media Library: Reflected XSS via SQLi
– independently discovered by Ben Bidner from the WordPress security team and Marc Montpas from Automattic

5 CSRF in wp-trackback.php
– contributed by Simon Scannell

6 Stored XSS via the Customizer
– contributed by Alex Concha from the WordPress security team

7 Revert shared user instances introduced in 50790
– contributed by Alex Concha and Ben Bidner from the WordPress security team

8 Stored XSS in WordPress Core via Comment Editing
– contributed by Third-party security audit and Alex Concha from the WordPress security team

9 Data exposure via the REST Terms/Tags Endpoint
– contributed by Than Taintor

10 Content from multipart emails leaked
– contributed by Thomas Kräftner

11 SQL Injection due to improper sanitization in `WP_Date_Query`
– contributed by Michael Mazzolini

12 RSS Widget: Stored XSS issue
– contributed by Third-party security audit

13 Stored XSS in the search block
– contributed by Alex Concha of the WP Security team

14 Feature Image Block: XSS issue
– contributed by Third-party security audit

15 RSS Block: Stored XSS issue
– contributed by Third-party security audit

16 Fix widget block XSS
– contributed by Third-party security audit

 


Disclaimer:
This post was written by Jim Walker for informational purposes only, and was neither solicited nor paid for.

 

© Copyright 2022 HackGuard.com™, HackRepair.com™,
The Hack Repair Guy™, Hack Repair Guy™
Content Approved By Jim Walker, The Hack Repair Guy