{"id":10,"date":"2018-12-13T12:44:41","date_gmt":"2018-12-13T12:44:41","guid":{"rendered":"https:\/\/speciatheme.com\/blog\/?p=10"},"modified":"2018-12-20T11:12:25","modified_gmt":"2018-12-20T11:12:25","slug":"wordpress-5-0-1-security-release","status":"publish","type":"post","link":"https:\/\/speciatheme.com\/blog\/2018\/12\/13\/wordpress-5-0-1-security-release\/","title":{"rendered":"WordPress 5.0.1 Security Release"},"content":{"rendered":"<p>WordPress 5.0.1 is now available. This is a\u00a0<strong>security release<\/strong>\u00a0for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.<\/p>\n<p>Plugin authors are encouraged to\u00a0<a href=\"https:\/\/make.wordpress.org\/core\/2018\/12\/13\/backwards-compatibility-breaks-in-5-0-1\/\">read the 5.0.1 developer notes<\/a>\u00a0for information on backwards-compatibility.<\/p>\n<p><!--more--><\/p>\n<p>WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0.<\/p>\n<ul>\n<li><a href=\"https:\/\/ripstech.com\/\">Karim El Ouerghemmi<\/a>\u00a0discovered that authors could alter meta data to delete files that they weren\u2019t authorized to.<\/li>\n<li>Simon Scannell of\u00a0<a href=\"https:\/\/blog.ripstech.com\/\">RIPS Technologies<\/a>\u00a0discovered that authors could create posts of unauthorized post types with specially crafted input.<\/li>\n<li><a href=\"https:\/\/twitter.com\/_s_n_t\">Sam Thomas<\/a>\u00a0discovered that contributors could craft meta data in a way that resulted in PHP object injection.<\/li>\n<li><a href=\"https:\/\/security-consulting.icu\/\">Tim Coen<\/a>\u00a0discovered that contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.<\/li>\n<li><a href=\"https:\/\/security-consulting.icu\/\">Tim Coen<\/a>\u00a0also discovered that specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations.<\/li>\n<li><a href=\"https:\/\/yoast.com\/\">Team Yoast<\/a>\u00a0discovered that the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.<\/li>\n<li><a href=\"https:\/\/security-consulting.icu\/\">Tim Coen<\/a>\u00a0and\u00a0<a href=\"https:\/\/medium.com\/websec\">Slavco<\/a>\u00a0discovered that authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.<\/li>\n<\/ul>\n<p>Thank you to all of the reporters for\u00a0<a href=\"https:\/\/make.wordpress.org\/core\/handbook\/testing\/reporting-security-vulnerabilities\/\">privately disclosing the vulnerabilities<\/a>, which gave us time to fix them before WordPress sites could be attacked.<\/p>\n<p><a href=\"https:\/\/wordpress.org\/download\/\">Download WordPress 5.0.1<\/a>, or venture over to\u00a0<code>Dashboard \u2192 Updates<\/code>\u00a0and click\u00a0<code>Update Now<\/code>. Sites that support automatic background updates are already beginning to update automatically.<\/p>\n<p>In addition to the security researchers mentioned above, thank you to everyone who contributed to WordPress 5.0.1:<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress 5.0.1 is now available. This is a\u00a0security release\u00a0for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to\u00a0read the 5.0.1 developer notes\u00a0for information on backwards-compatibility.<\/p>\n","protected":false},"author":1,"featured_media":13,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8,9,10,12,13,3,5,7,17,4,14,1,11,6,15,16],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v15.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WordPress 5.0.1 Security Release - My Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/speciatheme.com\/blog\/2018\/12\/13\/wordpress-5-0-1-security-release\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress 5.0.1 Security Release - My Blog\" \/>\n<meta property=\"og:description\" content=\"WordPress 5.0.1 is now available. This is a\u00a0security release\u00a0for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to\u00a0read the 5.0.1 developer notes\u00a0for information on backwards-compatibility.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/speciatheme.com\/blog\/2018\/12\/13\/wordpress-5-0-1-security-release\/\" \/>\n<meta property=\"og:site_name\" content=\"My Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-13T12:44:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-12-20T11:12:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/speciatheme.com\/blog\/wp-content\/uploads\/2018\/12\/wordpress-5.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2180\" \/>\n\t<meta property=\"og:image:height\" content=\"1090\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\">\n\t<meta name=\"twitter:data1\" content=\"specia\">\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\">\n\t<meta name=\"twitter:data2\" content=\"1 minute\">\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/speciatheme.com\/blog\/#website\",\"url\":\"https:\/\/speciatheme.com\/blog\/\",\"name\":\"My Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/speciatheme.com\/blog\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/speciatheme.com\/blog\/2018\/12\/13\/wordpress-5-0-1-security-release\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/speciatheme.com\/blog\/wp-content\/uploads\/2018\/12\/wordpress-5.jpg\",\"width\":2180,\"height\":1090},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/speciatheme.com\/blog\/2018\/12\/13\/wordpress-5-0-1-security-release\/#webpage\",\"url\":\"https:\/\/speciatheme.com\/blog\/2018\/12\/13\/wordpress-5-0-1-security-release\/\",\"name\":\"WordPress 5.0.1 Security Release - My Blog\",\"isPartOf\":{\"@id\":\"https:\/\/speciatheme.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/speciatheme.com\/blog\/2018\/12\/13\/wordpress-5-0-1-security-release\/#primaryimage\"},\"datePublished\":\"2018-12-13T12:44:41+00:00\",\"dateModified\":\"2018-12-20T11:12:25+00:00\",\"author\":{\"@id\":\"https:\/\/speciatheme.com\/blog\/#\/schema\/person\/af174b106fc44d56780c8a5165c54309\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/speciatheme.com\/blog\/2018\/12\/13\/wordpress-5-0-1-security-release\/\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/speciatheme.com\/blog\/#\/schema\/person\/af174b106fc44d56780c8a5165c54309\",\"name\":\"specia\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/speciatheme.com\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5601fe5825bb6f48607540ca1ea62b9c?s=96&d=mm&r=g\",\"caption\":\"specia\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/posts\/10"}],"collection":[{"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/comments?post=10"}],"version-history":[{"count":3,"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/posts\/10\/revisions"}],"predecessor-version":[{"id":39,"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/posts\/10\/revisions\/39"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/media\/13"}],"wp:attachment":[{"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/media?parent=10"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/categories?post=10"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/speciatheme.com\/blog\/wp-json\/wp\/v2\/tags?post=10"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}