A high-severity SQL injection vulnerability was fixed in version 6.0.2 of the content management system (CMS), which was released this week according to the WordPress team.
The problem, which was found in the WordPress Link functionality—previously called “Bookmarks”—only affects older installations because the feature is by default turned off on new installs. The Wordfence team at WordPress security startup Defiant claims that millions of legacy WordPress sites may still have the functionality activated even though they are using more recent versions of the CMS.
The security issue, which has a CVSS score of 8.0, needs administrative rights and is difficult to exploit in default installations.
Read More: WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites
For more such updates follow us on Google News ITsecuritywire News