WordPress 4.9.9 / 5.0.1 Security Release Available — You Should Upgrade Immediately

WordPress 5.0, which was released last week, has seen its first security update, which resolves vulnerabilities found in all previous versions of WordPress starting with 3.7.

The WordPress team strongly encourages you to update your sites immediately if you haven’t done so already.

These bugs include a discovery that authors could alter meta data to delete files that they weren’t authorized to, and a second discovery that authors could create posts of unauthorized post types with specially crafted input, which could be used to take over a site.

Also, authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.

WordPress sites that haven’t upgraded to 5.0 and are configured to automatically update will be upgraded to 4.9.9. Sites that have upgraded to 5.0 and are configured for auto update will be upgraded to 5.0.1. For more about this release, please check the release page.

The items addressed in this release are:

  • Discovery that authors could alter meta data to delete files that they weren’t authorized to.
  • Discovery that authors could create posts of unauthorized post types with specially crafted input.
  • Discovery that contributors could craft meta data in a way that resulted in PHP object injection.
  • Discovery that contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.
  • Discovery that specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations.
  • Discovery that the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.
  • Discovery that authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.

The tutorials below show students and new users how to install WordPress with Apache2 or Nginx web server support on Ubuntu servers.

WordPress with Apache2 Support

If you want to learn how to install WordPress with Apache2, MariaDB and PHP 7.2, the post below is a great place to start…

Installing WordPress 5.0 on Ubuntu 16.04 / 18.04 / 18.10 with Apache2, MariaDB and PHP 7.2

WordPress with Nginx Support

To learn how to install WordPress with Nginx, MariaDB and PHP 7.2 support, the post below should be a great place to start…

Setting Up WordPress 5.0 on Ubuntu 16.04 / 18.04 / 18.10 with Nginx, MariaDB and PHP 7.2-FPM

Upgrading WordPress

If your sites are not configured to automatically upgrade, then go over to WordPress Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.
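On a server hosting several sites, the installed version of each can be checked from the shell before and after updating. The script below is an added example, not part of the WordPress release notes: it assumes each install stores its version as `$wp_version` in `wp-includes/version.php` and that `sort -V` is available, and the function names are illustrative. Following the versions named above, it treats anything below 4.9.9 as needing the update and does not account for fixes backported to older branches.

```shell
#!/bin/sh
# Added example: classify WordPress installs against the 4.9.9 / 5.0.1 releases.

# Print the version string stored in <root>/wp-includes/version.php (empty if absent).
wp_version_of() {
    f="$1/wp-includes/version.php"
    [ -r "$f" ] || return 0
    sed -n "s/^[$]wp_version *= *'\([^']*\)'.*/\1/p" "$f" | head -n 1
}

# Succeeds when version $1 is greater than or equal to version $2.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Map a version string to the action this release calls for.
classify_wp_version() {
    v=$1
    if [ -z "$v" ]; then
        echo "unknown"              # no readable version.php
    elif version_ge "$v" 5.0.1; then
        echo "patched"
    elif version_ge "$v" 5.0; then
        echo "update-to-5.0.1"      # on the 5.0 branch, not yet fixed
    elif version_ge "$v" 4.9.9; then
        echo "patched"
    else
        echo "update-to-4.9.9"      # anything older than 4.9.9
    fi
}

# Print "<root> <version> <status>" for every WordPress root given as an argument.
audit_wp_roots() {
    for root in "$@"; do
        ver=$(wp_version_of "$root")
        printf '%s\t%s\t%s\n' "$root" "${ver:-?}" "$(classify_wp_version "$ver")"
    done
}

# Usage: sh wp-audit.sh /var/www/site1 /var/www/site2   (paths are placeholders)
audit_wp_roots "$@"
```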


This will update WordPress to the latest release. Hope you enjoy it, and stay tuned for more news and tutorials on installing and using WordPress to power your blogs and websites.

That’s it!
