欢迎访问服务器技术网-www.fuwuqijishu.com

再次更新升级WordPress 5.0.1 安全漏洞尽快更新

网站建设 fuwuqijishu 2年前 (2022-09-04) 103次浏览 0个评论 扫描二维码

对于WordPress程序的整体感觉还是不错的,但是特别不喜欢前一天才升级更新,后面又来一个补丁。要更新升级能不能一次完成?这次升级5.0的时候没有安全更新,估计看到大家都没有升级,因为不喜欢Gutenberg编辑器,于是乎来一个安全补丁更新,看你升级不?

如果我们有在用WordPress非最新版本的话,建议升级,因为有安全补丁。

1、authors could alter meta data to delete files that they weren’t authorized to.

2、authors could create posts of unauthorized post types with specially crafted input.

3、contributors could craft meta data in a way that resulted in PHP object injection.

4、contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.

5、specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations.

6、the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.

7、authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.

如果我们在升级之后是强制有安装Gutenberg编辑器的,如果我们不喜欢可以参考”禁用WordPress Gutenberg古腾堡编辑器两个方法”禁止掉。

喜欢 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

Warning: error_log(/www/wwwroot/fuwiqijishu/wp-content/plugins/spider-analyser/#log/log-2202.txt): failed to open stream: No such file or directory in /www/wwwroot/fuwiqijishu/wp-content/plugins/spider-analyser/spider.class.php on line 2900