Cyber attacks are at an all-time high in 2021. It’s no wonder that content management systems are constantly evaluating their systems for vulnerabilities.
And so, on May 13th, 2021, WordPress patched a vulnerability with the release of version 5.7.2.
PHPMailer, the library the content management system uses to send automatic emails, had a critical object injection vulnerability. The identifier was CVE-2020-36326, similar to 2018's CVE-2018-19296.
It has one of the highest scores on the vulnerability rating system: 9.8 out of 10. It affected versions 3.7 to 5.7 and occurred after fixing a prior problem. If left unchecked, it could set off a POP (property-oriented programming) chain, causing severe damage to site owners.
Running additional software could help hackers exploit the vulnerability and launch malicious attacks.
Typically, the issue occurs due to a lack of proper sanitization of user-supplied input. Hackers could pass ad hoc serialized strings to a vulnerable unserialize() call, passing arbitrary PHP objects into the application.
And it could be something as simple as sending a message using PHPMailer to gain access to your website!
Examples of threats include:
- SQL injections
- Code Injection
- Denial of Service (DoS)
- Path Traversal
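The unserialize() problem described above, shown as a weak call next to a hardened one. This is an added example, not code from PHPMailer or WordPress; the `TempFile` class, the function names and the sample input are constructed for illustration.

```php
<?php
// Hypothetical stand-in for a class the application already loads and whose
// magic method has a side effect: the raw material of a POP chain.
class TempFile
{
    public $path = '';
    public static $log = [];

    public function __destruct()
    {
        // A real class might delete $this->path; here the call is only recorded.
        self::$log[] = "cleanup requested for {$this->path}";
    }
}

// Constructed sample input: a serialized TempFile as it would arrive as a string.
$sample = new TempFile();
$sample->path = '/tmp/example';
$input = serialize($sample);
unset($sample);          // the original object's destructor runs here
TempFile::$log = [];     // start the comparison from a clean log

// Weak: unserialize() rebuilds whatever class the string names, so the
// destructor later runs with property values chosen by the sender.
function loadUnsafe(string $data)
{
    return unserialize($data);
}

// Hardened: no class is instantiated; objects come back as
// __PHP_Incomplete_Class and the application's magic methods never run.
function loadSafe(string $data)
{
    return unserialize($data, ['allowed_classes' => false]);
}

$obj = loadUnsafe($input);
unset($obj);
echo "unsafe: ", count(TempFile::$log), " destructor call(s)\n";

TempFile::$log = [];
$obj = loadSafe($input);
echo "safe:   ", get_class($obj), "\n";
unset($obj);
echo "safe:   ", count(TempFile::$log), " destructor call(s)\n";
```

Where the data does not need to carry objects at all, a format such as JSON avoids the class-instantiation step entirely.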
Publishers will not need to do anything, as WordPress will download the update automatically. But you have to switch to version 5.7.2 immediately; otherwise, you open up your website to hacking events. Getting a good security plugin is also a must.
Seeing how prone to attack online businesses are in 2021, what are you doing to protect yourself? Having antivirus software will not only detect any hacking attempts but will also block and clean up malware, Trojans, you name it.