List and updates changes in WordPress 5.8.3 version

WordPress 5.8.3 is a short-cycle security release. The next major release will be version 5.9. This wordPress core 5.8.3 security update addresses 4 different security vulnerabilities which affect WordPress core version between 3.7 and 5.8.

WordPress update version 5.8.3
Image Credit- php developers

On the 6th of January 2022, WordPress.org release a security updates and recommended user to “Update your  sites immediately”.  All WordPress version between 3.7  and 5.8 are the affected by this, and the security issues includes SQL injection, stored XSS and object injection which we will review in this post.

What changes in new update?

Version 5.8.3 addressed some security issues.

Version 5.8.2 addressed a security issue and fixed 2 bugs.

Version 5.8.1 addressed a security issue and fixed 60 bugs.

Version 5.8.3 addressed some security issues. : 4 security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues:

  • Props to Karim El Ouerghemmi and Simon Scannell of SonarSourse for disclosing an issue with stored XSS through post slugs.
  • Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
  • Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
  • Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query.

#List of files Revised

/wp-admin/includes/upgrade.php
/wp-includes/class-wp-meta-query.php
/wp-includes/class-wp-tax-query.php
/wp-includes/formatting.php 

 

version 5.8.2 addressed a security issue and fixed 2 bugs.:

#List of files Revised

wp-admin/includes/ajax-actions.php
wp-admin/about.php
wp-includes/certificates/ca-bundle.crt
wp-includes/script-loader.php
wp-includes/version.php

Version 5.8.1 addressed a security issue and fixed 60 bugs.: 

3 security issues affects WordPress versions between 5.4 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues:

  • Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
  • Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
  • The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.

In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release:

  • Props Evan Ricafort for reporting a XSS vulnerability in the block editor discovered during the 5.8 release’s beta period.
  • Props Steve Henty for reporting a privilege escalation issue in the block editor.

#List of files Revised

license.txt
wp-admin/about.php
wp-admin/customize.php
wp-admin/edit-form-blocks.php
wp-admin/includes/ajax-actions.php
wp-admin/includes/class-custom-background.php
wp-admin/includes/class-pclzip.php
wp-admin/includes/theme.php
wp-admin/includes/update-core.php
wp-admin/js/customize-controls.js
wp-admin/js/customize-controls.min.js
wp-admin/js/editor-expand.js
wp-admin/js/editor-expand.min.js
wp-admin/js/editor.js
wp-admin/js/editor.min.js
wp-admin/js/widgets/custom-html-widgets.js
wp-admin/js/widgets/custom-html-widgets.min.js
wp-admin/js/widgets/media-widgets.js
wp-admin/js/widgets/media-widgets.min.js
wp-admin/nav-menus.php
wp-admin/widgets-form-blocks.php
wp-includes/assets/script-loader-packages.php
wp-includes/block-editor.php
wp-includes/blocks.php
wp-includes/class-wp-customize-widgets.php
wp-includes/class-wp-editor.php
wp-includes/class-wp-image-editor.php
wp-includes/class-wp-theme-json-resolver.php
wp-includes/class-wp-theme-json.php
wp-includes/compat.php
wp-includes/css/dist/block-editor/style-rtl.css
wp-includes/css/dist/block-editor/style-rtl.min.css
wp-includes/css/dist/block-editor/style.css
wp-includes/css/dist/block-editor/style.min.css
wp-includes/css/dist/edit-widgets/style-rtl.css
wp-includes/css/dist/edit-widgets/style-rtl.min.css
wp-includes/css/dist/edit-widgets/style.css
wp-includes/css/dist/edit-widgets/style.min.css
wp-includes/css/dist/widgets/style-rtl.css
wp-includes/css/dist/widgets/style-rtl.min.css
wp-includes/css/dist/widgets/style.css
wp-includes/css/dist/widgets/style.min.css
wp-includes/css/media-views-rtl.css
wp-includes/css/media-views-rtl.min.css
wp-includes/css/media-views.css
wp-includes/css/media-views.min.css
wp-includes/customize/class-wp-customize-background-position-control.php
wp-includes/functions.php
wp-includes/general-template.php
wp-includes/images/crystal/license.txt
wp-includes/js/dist/block-editor.js
wp-includes/js/dist/block-editor.min.js
wp-includes/js/dist/block-library.js
wp-includes/js/dist/block-library.min.js
wp-includes/js/dist/components.js
wp-includes/js/dist/components.min.js
wp-includes/js/dist/core-data.js
wp-includes/js/dist/core-data.min.js
wp-includes/js/dist/customize-widgets.js
wp-includes/js/dist/customize-widgets.min.js
wp-includes/js/dist/data.js
wp-includes/js/dist/edit-post.js
wp-includes/js/dist/edit-post.min.js
wp-includes/js/dist/edit-widgets.js
wp-includes/js/dist/edit-widgets.min.js
wp-includes/js/dist/editor.js
wp-includes/js/dist/editor.min.js
wp-includes/js/media-models.js
wp-includes/js/media-models.min.js
wp-includes/js/quicktags.js
wp-includes/js/quicktags.min.js
wp-includes/js/tinymce/plugins/wordpress/plugin.js
wp-includes/js/tinymce/plugins/wordpress/plugin.min.js
wp-includes/js/tinymce/wp-tinymce.js
wp-includes/script-loader.php
wp-includes/theme.json
wp-includes/version.php

 

 

Leave a Comment