Ouray Solution Blog
Dec 27, 2018
What’s New In Wordpress 5.0.1 Version?
Wordpress latest version 5.0.1 is now successfully launched worldwide which is basically a Security Release for all the previous versions which has been launched since WordPress 3.7.
Go ahead and update your WordPress sites as soon as possible.
This latest version fixes all the bugs which have been faced by all the previous versions of Wordpress.
There were only seven bugs that needed to be fixed, and it's all done with Wordpress 5.0.1. Let's Discuss each of the flaws one by one.
1) Creation of Unauthorized posts: Simon Scannell of PHP security company "RIPS Technologies" discovered that authors could create posts of unapproved types with extraordinarily made information.
2) Deletion of Unauthorized Files: The another one from RIPS Technologies, Karim El Ouerghemmi discovered that authors could delete the files which were not authorized to them.
3) Exposing the Sensitive data: Team YOAST discovered this bug, which revealed that an attacker could access the user activation screen for new users which resulted in the exposure of email addresses and, in some circumstances, it could also lead to the disclosure of default generated passwords.
4) Cross-Site Scripting (XSS) Vulnerability, bypassing the MIME: This flaw was Introduced by Tim Coen along with Slavco Mihajloski, which revealed that authors on Apache-hosted sites could upload individually crafted files that resulted in dodging the MIME verification.
5) Cross-Site Scripting (XSS) Vulnerability, editing new comments: This bug was discovered by Tim Coen himself which introduces a situation where subscribers had an opportunity to edit new comments from higher-privileged users. WordPress approached this issue by eliminating the <form> tag from their HTML whitelist.
6) Cross-Site Scripting (XSS) Vulnerability, affecting plugins: This was also discovered by Tim Coen, which shows that specially crafted URL inputs result in XSS vulnerability. They don't affect Wordpress itself, but in some circumstances, plugins are certainly affected.
7) Resulting, the PHP object Injection: In the context of Wordpress, Sam Thomas introduced that contributors could alter Meta data in such a way that results in PHP object Injection. It is the vulnerability, in which two conditions meet to carry out malicious attacks.
If you haven't downloaded the version yet, you may download from WORDPRESS 5.0.1 by clicking on it.
If you are looking for developing your website over WordPress, then you are just a step away from innovative custom WordPress designs. We at Ouray Solution, let our clients interact with us and develop their Wordpress websites according to their demands.