Several high-threat-level vulnerabilities were found in WordPress.
WordPress itself was unaware of them until they were reported; the flaws are said to have been introduced unknowingly by the WordPress development team.
WordPress development slowed down in 2021, and the team was not able to reach its target of releasing version 5.9, which is now postponed to 2022.
The four WordPress vulnerabilities reported are:
- SQL injection due to lack of data sanitization in WP_Meta_Query (Severity high)
- Authenticated Object Injection in Multi-sites (Severity medium)
- Stored Cross Site Scripting (XSS) through authenticated users (Severity high)
- SQL Injection through WP_Query due to improper sanitization (Severity high)
Solution to WordPress Vulnerabilities.
Update WordPress to version 5.8.3, which resolves the data sanitization issues (basically, check how input that goes into database queries is handled, whether it comes from an API, a web service, a user, etc.)
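
An added example, not from the original page or from WordPress core, of the kind of input check the note above points to: site code that builds meta_query clauses from request data validates every part against an allowlist first. The function name safe_meta_clause() and the allowlisted keys and operators are hypothetical, and the check complements the update to 5.8.3 rather than replacing it.

```php
<?php
// Hypothetical allowlists: meta keys this site exposes for filtering (with the
// type each is compared as) and the comparison operators it permits.
const ALLOWED_KEYS    = ['price' => 'NUMERIC', 'color' => 'CHAR'];
const ALLOWED_COMPARE = ['=', '!=', '<', '<=', '>', '>=', 'IN'];

// Turn one untrusted filter (e.g. from a request) into a meta_query clause,
// or return null when any part falls outside the allowlists.
function safe_meta_clause(array $raw): ?array
{
    $key     = $raw['key'] ?? null;
    $compare = $raw['compare'] ?? '=';
    $value   = $raw['value'] ?? null;

    // The meta key must be one the site deliberately exposes.
    if (!is_string($key) || !array_key_exists($key, ALLOWED_KEYS)) {
        return null;
    }
    // The operator ends up in the generated SQL, so accept known literals only.
    if (!is_string($compare) || !in_array($compare, ALLOWED_COMPARE, true)) {
        return null;
    }
    $type   = ALLOWED_KEYS[$key];
    $values = is_array($value) ? array_values($value) : [$value];
    if ($values === [] || (count($values) > 1 && $compare !== 'IN')) {
        return null;
    }
    foreach ($values as $i => $v) {
        if (!is_scalar($v) || ($type === 'NUMERIC' && !is_numeric($v))) {
            return null; // nested arrays, objects, null, non-numbers
        }
        $values[$i] = $type === 'NUMERIC' ? $v + 0 : substr((string) $v, 0, 64);
    }
    return [
        'key'     => $key,
        'value'   => $compare === 'IN' ? $values : $values[0],
        'compare' => $compare,
        'type'    => $type,
    ];
}

// Constructed sample inputs: the first is accepted, the other two are rejected.
var_dump(safe_meta_clause(['key' => 'price', 'compare' => '<=', 'value' => '20']));
var_dump(safe_meta_clause(['key' => 'price', 'compare' => 'REGEXP', 'value' => '1']));
var_dump(safe_meta_clause(['key' => 'color', 'value' => ['red', ['x']]]));
```

A non-null result is meant to be passed as one element of the 'meta_query' argument of WP_Query.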