The WordPress developers strongly recommend that users update their applications immediately because of how serious the mentioned vulnerabilities are.
These bugs and vulnerabilities affect WordPress versions between 5.4 and 5.8, and all versions beginning with 5.4 were updated to include patches for the exposures.
In addition, the WordPress developers have highlighted that the XSS and privilege escalation bugs affecting the block editor were already discovered and fixed during version 5.8's beta testing period.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also advised users to review the release notes and install the updates. Websites that have enabled automatic background updates should already have their systems updated.
It is common for web giants such as WordPress to be a target for cyberattacks. However, there are more cases where threat actors expose bugs and vulnerabilities in popular plugins, aside from the flaws that affect the WordPress core.
iZOOlogic has encountered numerous WordPress-based sites where phishing pages targeting prominent banks are directly hosted. Through exploits, content injection and directory takeover are possible. Prevention is better than phishing injection; that is why we recommend patching the security issues by upgrading.