Description
WordPress version 5.0 and earlier are affected by the following bugs, which are fixed in the updated 5.0.1 version.
Listed below are the discoverers and bugs which were resolved in the WordPress version 5.0:
- Authors could alter meta data to delete files that they werent authorised (Karim El Ouerghemmi)
- Authors could create posts of unauthorised post types with specially crafted input (Simon Scannell)
- Contributors could craft meta data in a way that resulted in PHP object injection. (Sam Thomas)
- Contributors could edit new comments from higher privileged users, potentially leading to a cross-site scripting vulnerability. (Tim Coen)
- Specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations. (Tim Coen)
- User activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords. (Team Yoast)
- Authors on apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability. (Tim Coen)
The Guyana National CIRT recommends that owner/operators test and deploy the vendor released update or work around to affected platforms accordingly.
Reference
WordPress 5.0.1 Security Release
https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/