
Alert: WordPress CMS Vulnerabilities and Security Updates, issued May 17, 2021

Description

The WordPress content management system (CMS) has released a security update that features one important security fix. An attacker could exploit the vulnerabilities in WordPress versions between 3.7 and 5.7.1 to take control of an unpatched website.
It is therefore recommended that all WordPress users immediately update their sites to the latest version, WordPress 5.7.2. All versions since WordPress 3.7 need to be updated.

Security Risks
One security issue affecting WordPress versions between 3.7 and 5.7 is an object injection in PHPMailer, tracked as CVE-2020-36326 and CVE-2018-19296. All WordPress versions since 3.7 are affected and need to be updated to fix this vulnerability.

Recommendation
The National Cyber Security Authority recommends that all WordPress CMS users, webmasters and administrators:

  • Update their website’s current WordPress version to WordPress 5.7.2 by downloading it from WordPress.org, or by visiting the Dashboard → Updates menu in the site’s admin area and clicking Update Now. If you have sites that support automatic background updates, ensure that they have already started the update process.
  • Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
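
One way to inventory installs against the version range given in this advisory, as an added example that is not part of the original advisory or WordPress's own tooling. It reads `$wp_version` from each install's `wp-includes/version.php`; the function names and the default scan root `/var/www` are assumptions, and it applies only the range stated here (3.7 through 5.7.1, fixed in 5.7.2).

```shell
#!/bin/sh
# Added example: flag WordPress installs in the advisory's affected range
# (3.7 up to and including 5.7.1; the advisory's fixed version is 5.7.2).

# Print the core version recorded in <install>/wp-includes/version.php.
wp_version_of() {
    awk -F"['\"]" '/^[ \t]*\$wp_version[ \t]*=/ { print $2; exit }' \
        "$1/wp-includes/version.php" 2>/dev/null
}

# Turn "5.7.1", "5.7" or "5.8-alpha" into a comparable integer (50701, 50700, 50800).
ver_num() {
    printf '%s\n' "${1%%[!0-9.]*}" |
        awk -F. '{ printf "%d", $1 * 10000 + $2 * 100 + $3 }'
}

# Exit status 0 when 3.7 <= version < 5.7.2.
is_affected() {
    n=$(ver_num "$1")
    [ "$n" -ge 30700 ] && [ "$n" -lt 50702 ]
}

# Report every install found under a root directory.
# The default root /var/www is an assumption; pass your own web root.
scan_root() {
    find "${1:-/var/www}" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        dir=${f%/wp-includes/version.php}
        v=$(wp_version_of "$dir")
        [ -n "$v" ] || continue   # unreadable or unexpected file: skip it
        if is_affected "$v"; then
            printf 'AFFECTED %s %s\n' "$v" "$dir"
        else
            printf 'ok %s %s\n' "$v" "$dir"
        fi
    done
}

# Run a scan only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_root "$1"
fi
```

Any install reported as `AFFECTED` should be updated as described in the first recommendation above.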

For further information and support, please contact the National Cyber Security Authority (NCSA) by email at rwcsirt@ncsa.gov.rw or call us on 9009.

Reference
WordPress - May 2021 Security Release
https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/

https://wordpress.org/support/wordpress-version/version-5-7-2/
https://wordpress.org/support/article/updating-wordpress/