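老蒋's overall impression of WordPress is fairly good, but I particularly dislike it when an upgrade ships one day and a patch follows right after it. Can't an update be finished in one go? The 5.0 upgrade carried no security updates; my guess is that they saw nobody was upgrading, because people dislike the Gutenberg editor, and so they pushed out a security patch to see whether you will upgrade now.
If you are running a version of WordPress that is not the latest, upgrading is recommended, because this release contains security patches.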
1. authors could alter meta data to delete files that they weren’t authorized to.
2. authors could create posts of unauthorized post types with specially crafted input.
3. contributors could craft meta data in a way that resulted in PHP object injection.
4. contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.
5. specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations.
6. the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.
7. authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.
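If the Gutenberg editor is forcibly installed after the upgrade and you do not like it, you can disable it by following "Two methods to disable the WordPress Gutenberg editor".
Source: 老蒋部落 » Another update: upgrade to WordPress 5.0.1 as soon as possible for the security fixes | Feel free to share (WeChat official account: 老蒋朋友圈)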