WordPress 5.0.0 Serious Vulnerability Found

The vulnerability allows a user with Author privileges to execute arbitrary code on the server
20 February 2019

Simon Scannell has published details of a vulnerability in WordPress that allows a user with the privileges of an Author of publications on the site to execute arbitrary code on the server. The WordPress 4.9.9 and 5.0.1 updates added partial protection that blocks the attack in the core WordPress code, but the problem has not been completely resolved: in the current release, WordPress 5.0.3, it can still be exploited through additional errors in plugins (it is noted that the problem manifests in some popular plugins with millions of active installations).

The vulnerability is caused by two problems: the ability to override metadata in the database and errors in the processing of file paths. The first problem makes it possible to override, in the wp_postmeta table of the database, the value of the post entry that holds the image parameters.

To pass PHP code off as an image, the attack relies on a feature of the Imagick PHP extension: after editing, it leaves the contents of the EXIF metadata unchanged, i.e. the resulting image keeps the same EXIF parameters as the original. By placing PHP code in place of the EXIF block, its execution can be achieved when an attempt is made to include a specific theme template. When the PHP GD extension is used to convert images, the attack becomes more complicated, since GD clears EXIF and the code has to be formed by a specially selected set of pixel values that, after being processed by GD, yields PHP code.

WordPress 5.3 to be Released

The new release offers a new Twenty Twenty theme, among other improvements
14 November 2019

After six months of development, the WordPress 5.3 web content management system has been released. The main changes in the new release are related to the modernization of the visual editor for block layout of pages: it provides more intuitive controls, adds new layout options for blocks, adds support for additional styles, and improves support for inserting high-resolution images. For people who prefer keyboard control, a new navigation mode has been added that allows you to quickly switch between blocks without going through the elements in each block.

The new edition offers a new Twenty Twenty theme, optimized to take advantage of the new visual block editor features and provide more flexibility when changing the layout. For designers, features such as the new "Group" block have been proposed to simplify dividing the page into sections. Added support for fixed-width columns in the "Columns" block. New predefined layouts have been added to simplify the intricate arrangement of content. For blocks, the ability to bind predefined styles is implemented.

Among other innovations: compatibility with PHP 7.4, support for automatic rotation of images after downloading (based on the orientation of the mobile device's screen when the picture was taken), advanced tools for identifying possible problems on the site (Health Check), and verification of the administrator's email address (the site periodically asks for confirmation that the email address is still relevant, so that access is not lost if the address changes).