Released on Thursday, WordPress version 4.0.1 addresses more than 20 vulnerabilities, and WordPress versions 3.9.3, 3.8.5 and 3.7.5 address a critical cross-site scripting (XSS) vulnerability, according to a post.
WordPress version 4.0 is not affected by the XSS issue, which could enable an anonymous user to compromise a site, the post indicates. Daniel Cid, CTO of Sucuri, told SCMagazine.com in a Friday email correspondence that it is the biggest issue receiving a fix.
Among the other bugs that are being addressed in WordPress version 4.0.1 are three XSS issues that a contributor or author could use to compromise a site, a cross-site request forgery that could be used to trick a user into changing their password, and an issue involving a denial-of-service when passwords are checked, according to a post.
Additionally, version 4.0.1 provides more protections for server-side request forgery attacks when WordPress makes HTTP requests, and invalidates links in password reset emails if a user remembers their password, logs in and changes their email address, the post indicates, adding a hash collision was addressed that could allow a user's account to be compromised if they have not logged in since 2008.
Two hardening changes were also made, including better validation of EXIF data being extracted from uploaded photos, the post added.
Sucuri posted on Thursday that users of the WP-Statistics plugin – version 8.3 and lower – are affected by a high risk vulnerability that can enable an attacker to “use Stored [XSS] and Reflected XSS attack vectors to force a victim's browser to perform administrative actions on its behalf.” Upgrading to version 8.3.1 will address the issue.