WordPress developers announced on Thursday the availability of version 5.0.1 of the content management system (CMS), which addresses several types of vulnerabilities.
Researcher Tim Coen has discovered several cross-site scripting (XSS) flaws in WordPress, including one caused by the ability of contributors to edit new comments from users with higher privileges. He also found that a specially crafted URL input can be exploited for XSS attacks – this issue only impacts some plugins.
Coen and researcher Slavco Mihajloski discovered an XSS vulnerability related to the ability of authors on Apache-hosted websites to upload specially crafted files that bypass MIME verification.
“Prior to 5.0.1, WordPress did not require uploaded files to pass MIME type verification, so files could be uploaded even if the contents didn’t match the file extension. For example, a binary file could be uploaded with a .jpg extension,” explained WordPress developer Ian Dunn. “This is no longer the case, and the content of uploaded files must now match their extension. Most valid files should be unaffected, but there may be cases when a file needs to be renamed to its correct extension (e.g., an OpenOffice doc going from .pptx to .ppxs).”