WordPress Fixes Security Issues With 5.0.1 Release
In the first week of December 2018, WordPress announced the release of its much-awaited update, WordPress 5.0. Researchers testing the new version almost immediately found several serious security issues that jeopardized sensitive personal data such as user email addresses and passwords and allowed unauthorized access to content management functions on sites within the platform. All versions of the platform 5.0 and older were affected by the vulnerabilities.
Less than a week later, on December 12th, company developers responded with the release of WordPress 5.0.1, a patch intended to address the vulnerabilities in the earlier version.
The bug that allowed access to emails and passwords by exploiting the Google website indexing service was only a threat to users who had not changed their passwords after the release of WordPress 5.0. The new version fixes that bug.
Changes were made to the MIME validation process after security researchers discovered that an attacker working through Apache-hosted sites could create modified files to bypass the validation process and carry out cross-site scripting attacks.
Ian Dunn, a WordPress developer, stated, “Before 5.0.1, WordPress did not require uploaded files to pass MIME type verification so files could be uploaded even if the contents didn’t match the file extension. For example, a binary file could be uploaded with a .jpg extension. This is no longer the case, and the content of uploaded files must now match their extension. Most valid files should be unaffected, but there may be cases when a file needs to be renamed to its correct extension.”
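The rule described above, that a file's content must match its extension, can be illustrated with a short check. This is an added example, not WordPress code: it is written in Python as a stand-alone audit, and the signature table, function names and sample byte strings are assumptions constructed for illustration.

```python
"""Added example: flag uploads whose leading bytes do not match their extension."""
import os

# Magic-number prefixes for a few common upload types (small illustrative set).
SIGNATURES = [
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"%PDF-", "application/pdf"),
]

# Extension -> content type a file with that extension is expected to carry.
EXPECTED = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg",
    ".png": "image/png", ".gif": "image/gif", ".pdf": "application/pdf",
}

def sniff_type(data: bytes):
    """Return the content type implied by the leading bytes, or None."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None

def check_upload(filename: str, data: bytes) -> str:
    """Classify an upload as 'ok', 'mismatch' or 'unknown-extension'."""
    ext = os.path.splitext(filename)[1].lower()
    expected = EXPECTED.get(ext)
    if expected is None:
        return "unknown-extension"  # not on the allow-list: reject by default
    return "ok" if sniff_type(data) == expected else "mismatch"

# Constructed sample uploads (byte strings made up for this example).
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "logo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "banner.jpg": b"<html><body>markup, not an image</body></html>",
    "report.JPG": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    "setup.jpg": b"MZ\x90\x00",  # binary header behind a .jpg name
    "archive.xyz": b"PK\x03\x04",
}

def audit(samples):
    """Return the sorted names of uploads that should be rejected."""
    return sorted(n for n, d in samples.items() if check_upload(n, d) != "ok")

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} {check_upload(name, data)}")
```

A prefix check like this only inspects the first bytes, so a file that opens with a valid image header and carries other content after it would still pass.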
The new version addresses other vulnerabilities such as the ability to alter metadata to delete files without authorization and to craft input that would allow the creation of unauthorized posts. A full list of vulnerabilities found and fixes implemented with WordPress 5.0.1 has been published by the company.
Users with websites on WordPress 5.0 should update to WordPress 5.0.1 as soon as they can. Those who have enabled automatic updates should already have the new version, but because of the types of vulnerabilities that were discovered, it is recommended that they update manually to be safe.
Those who are still using older WordPress 4.X versions should install 4.9.9 as soon as possible. There have been reports of automatic updates not working for this version. Again, the update should be done manually to make sure.