WordPress 6.0.3 started rolling out this week. The most recent security update fixes 16 flaws. In addition to addressing open redirect, data exposure, cross-site request forgery (CSRF), and SQL injection vulnerabilities, WordPress 6.0.3 also addresses nine stored and reflected cross-site scripting (XSS) vulnerabilities.
Each vulnerability has been described by WordPress security firm Defiant. Four of them are classified as having “high severity,” while the others have “medium” or “low” severity. A user who can send posts to a website via email can take advantage of one of the high-severity vulnerabilities, a stored XSS flaw, to insert malicious JavaScript code into posts.
The code would get executed when the malicious post is accessed.
Read More: WordPress Security Update 6.0.3 Patches 16 Vulnerabilities
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.