Nguyen The Duc

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 **Description** In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. The vulnerability is related to the `parse query` method in the `class-wp-query.php` file and is associated with a lack of protection for service data. This may allow a remote attacker to gain access to confidential data. **Recommendations** For versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. For versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33, consider updating to a newer version that includes the security patch. As a temporary workaround, consider restricting access to private posts until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 **Description** A vulnerability in the `stats()` method of `class-wp-object-cache.php` can be exploited to execute cross-site scripting (XSS) attacks. This issue is related to insufficient protection measures for web page structures, allowing a remote attacker to impact data integrity. **Recommendations** For versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. For versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33, consider updating to a newer version that includes the patch. As a temporary workaround, consider disabling the `stats()` method in `class-wp-object-cache.php` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.3.1 **Description** The issue is related to the wp kses bad protocol function in WordPress, which mishandles the HTML5 colon named entity. This allows attackers to bypass input sanitization. For example, the `javascript:` substring can be used to demonstrate this issue. The vulnerability can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For WordPress versions prior to 5.3.1, update to version 5.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `wp kses bad protocol` function in `wp-includes/kses.php` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WordPress versions 3.7 through 5.3.0 **Description** The issue is related to an authentication error in the `class-wp-rest-posts-controller` function of the WordPress content management system, allowing users to mark posts as sticky via the REST API. This could be exploited by a remote attacker to impact data integrity. Authenticated users without the rights to publish a post, such as those with the contributor role, could bypass restrictions and mark posts as sticky or unsticky. **Recommendations** For WordPress versions 3.7 through 5.3.0, update to version 5.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoint related to post management until the update is applied.