image credit: unsplash
Two of the flaws are SQL injections — one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC).
Simon Scannell of SonarSource reported an object injection issue affecting some multisite installations, as well as a stored cross-site scripting (XSS) bug. Karim El Ouerghemmi was also credited for the XSS vulnerability.
Comments are closed.
