WordPress Version 6.0.3 Security Update

WordPress 6.0.3

Written by JVF Solutions

JVF Solutions is your premier source for all things online. From responsive websites to digital marketing services to online marketing strategy, we've got you covered.

October 17, 2022

WordPress 6.0.3 was released today. We’re in the process of testing it and will be upgrading all of our maintenance clients’ sites over the next few days. This is a security update so we recommend that all site owners apply the update. If your site is mission-critical or you have any reservations about upgrading, either test it on a staging site or take a backup of your site before upgrading. If you need assistance or have questions, please don’t hesitate to reach out to us. The next significant release will be WordPress 6.1 which is expected on 11/1/22.

WordPress 6.0.3 Security Fixes:

The following vulnerabilities are among the fixes in WordPress 6.0.3 :

  • Stored XSS via wp-mail.php (post by email).
  • Open redirect in `wp_nonce_ays`
  • Sender’s email address is exposed in wp-mail.php
  • Media Library – Reflected XSS via SQLi
  • CSRF in wp-trackback.php
  • Stored XSS via the Customizer
  • Revert shared user instances introduced in 50790
  • Stored XSS in WordPress Core via Comment Editing
  • Data exposure via the REST Terms/Tags Endpoint
  • Content from multipart emails leaked
  • SQL Injection due to improper sanitization in `WP_Date_Query`
  • RSS Widget: Stored XSS issue
  • Stored XSS in the search block
  • Feature Image Block: XSS issue
  • RSS Block: Stored XSS issue
  • Fix widget block XSS

Should You Upgrade?

We typically recommend upgrading WordPress within a few days of an update’s release date. This is a security update so we recommend prioritizing the upgrade. We’ve already started rolling out the update to some of our maintenance clients’ sites, as well as our own.

Again, sites that require near 100% uptime or sites with old or abandoned plug-ins should consider testing the update on a staging server. The same is true for anyone that has concerns about a potential impact on their site. If you don’t have access to a staging server, we can help – just reach out to us for a complimentary consultation. We can recommend a solution that best suits your needs. Clients on our hosting plans have a staging server available for us to do the testing for them.

You May Also Like…

WordPress 6.5: What to Expect

WordPress 6.5: What to Expect

WordPress 6.5 will be the first major release of 2024. It's currently scheduled to be launched on March 26th, but that...


Pin It on Pinterest

Share This