This vulnerability was reported to WordPress on January 21; no fix is available yet. Please refer to the section Patch to obtain guidance on potential remediations to apply to your WordPress instances.
It is the first time we have released details about an unpatched vulnerability, and this decision was not taken lightly. This issue was first reported about six years ago in January 2017 by another researcher and numerous others over the years. After our report and further investigation, we could also identify multiple public blog posts documenting the same behavior as the one we’ll be covering today.
Because of its low impact as-is, its prior publication, and the need to chain it to additional vulnerabilities in third-party software, we believe this release won’t endanger WordPress users and can only help them harden their instances.
This post was created with our nice and easy submission form. Create your post!
GIPHY App Key not set. Please check settings