{"id":8626,"date":"2022-10-18T09:01:11","date_gmt":"2022-10-18T07:01:11","guid":{"rendered":"https:\/\/www.maintenance-cms-wp.fr\/?p=8626"},"modified":"2022-10-18T09:21:40","modified_gmt":"2022-10-18T07:21:40","slug":"la-mise-a-jour-de-securite-wordpress-6-0-3-corrige-les-vulnerabilites-xss-et-vulnerabilities","status":"publish","type":"post","link":"https:\/\/maintenance-cms-wp.fr\/articles\/la-mise-a-jour-de-securite-wordpress-6-0-3-corrige-les-vulnerabilites-xss-et-vulnerabilities\/",
"title":{"rendered":"WordPress 6.0.3 security update fixes XSS, SQL injection and other vulnerabilities"},
"content":{"rendered":"<header class=\"entry-header\">\n<h1 class=\"entry-title\">Version 6.0.3<\/h1>\n<\/header>\n<div class=\"entry-content\">\n<section>\n<div class=\"container\">\n<p>On October 17, 2022, WordPress 6.0.3<\/p>\n<\/div>\n<p><strong>WordPress 6.0.3 is now available!<\/strong> This release contains several security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.<\/p>\n<div class=\"container\">\n<h3 id=\"security-updates-included-in-this-release\" class=\"toc-heading\" tabindex=\"-1\"><a class=\"dashicons-before dashicons-admin-links\" href=\"https:\/\/wordpress.org\/support\/wordpress-version\/version-6-0-3\/#security-updates-included-in-this-release\">Security updates included in this release<\/a><\/h3>\n<p>The security team would like to thank the following people for responsibly reporting vulnerabilities and allowing them to be fixed in this release.<\/p>\n<ul>\n<li>Stored XSS via wp-mail.php (post by email) &#8211; Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT<\/li>\n<li>Open redirect in `wp_nonce_ays` &#8211; devrayn<\/li>\n<li>Sender&rsquo;s email address exposed in wp-mail.php &#8211; Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT<\/li>\n<li>Media Library &#8211; Reflected XSS via SQLi &#8211; Ben Bidner of the WordPress security team and Marc Montpas of Automattic independently discovered this issue<\/li>\n<li>CSRF in wp-trackback.php &#8211; Simon Scannell<\/li>\n<li>Stored XSS via the Customizer &#8211; Alex Concha of the WordPress security team<\/li>\n<li>Revert shared user instances introduced in <a href=\"https:\/\/core.trac.wordpress.org\/changeset\/50790\">50790<\/a> &#8211; Alex Concha and Ben Bidner of the WordPress security team<\/li>\n<li>Stored XSS in WordPress Core via comment editing &#8211; Third-party security audit and Alex Concha of the WordPress security team<\/li>\n<li>Data exposure via the REST terms\/tags endpoint &#8211; Than Taintor<\/li>\n<li>Content of multipart emails leaked &#8211; <a href=\"https:\/\/profiles.wordpress.org\/kraftner\">Thomas Kräftner<\/a><\/li>\n<li>SQL injection due to improper sanitization in `WP_Date_Query` &#8211; <a href=\"https:\/\/www.gold-network.ch\/\">Michael Mazzolini<\/a><\/li>\n<li>RSS widget: stored XSS issue &#8211; Third-party security audit<\/li>\n<li>Stored XSS in the Search block &#8211; Alex Concha of the WordPress security team<\/li>\n<li>Featured Image block: XSS issue &#8211; Third-party security audit<\/li>\n<li>RSS block: stored XSS issue &#8211; Third-party security audit<\/li>\n<li>Fix for widget block XSS &#8211; Third-party security audit<\/li>\n<\/ul>\n<h2 id=\"credits\" class=\"toc-heading\" tabindex=\"-1\"><a class=\"dashicons-before dashicons-admin-links\" href=\"https:\/\/wordpress.org\/support\/wordpress-version\/version-6-0-3\/#credits\">Credits<\/a><\/h2>\n<p>This release was led by <a href=\"https:\/\/profiles.wordpress.org\/xknown\">Alex Concha<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/peterwilsoncc\">Peter Wilson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/audrasjb\">Jb Audras<\/a> and <a href=\"https:\/\/profiles.wordpress.org\/SergeyBiryukov\">Sergey Biryukov<\/a>. Thanks to <a href=\"https:\/\/profiles.wordpress.org\/desrosj\/\">Jonathan Desrosiers<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jorgefilipecosta\/\">Jorge Costa<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/bernhard-reiter\/\">Bernie Reiter<\/a> and <a href=\"https:\/\/profiles.wordpress.org\/cbravobernal\/\">Carlos Bravo<\/a> for their help with the package updates.<\/p>\n<p>WordPress 6.0.3 would not have been possible without the contributions of the following people. Their asynchronous coordination to deliver several fixes in a stable release is a testament to the strength and capability of the WordPress community.<\/p>\n<p class=\"is-style-default\"><a href=\"https:\/\/profiles.wordpress.org\/xknown\/\">Alex Concha<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/costdev\/\">Colin Stewart<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/talldanwp\/\">Daniel Richards<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/davidbaumwald\/\">David Baumwald<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/dd32\/\">Dion Hulse<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ehtis\/\">ehtis<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/voldemortensen\/\">Garth Mortensen<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/audrasjb\/\">Jb Audras<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\/\">John Blackbourn<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/johnjamesjacoby\/\">John James Jacoby<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/desrosj\/\">Jonathan Desrosiers<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jorgefilipecosta\/\">Jorge Costa<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jrf\/\">Juliette Reinders Folmer<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/rudlinkon\/\">Linkon Miyan<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/martinkrcho\/\">martin.krcho<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/matveb\/\">Matias Ventura<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/mukesh27\/\">Mukesh Panchal<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/paulkevan\/\">Paul Kevan<\/a><\/p>\n<h2 id=\"list-of-updated-packages\" class=\"toc-heading\" tabindex=\"-1\"><a class=\"dashicons-before dashicons-admin-links\" href=\"https:\/\/wordpress.org\/support\/wordpress-version\/version-6-0-3\/#list-of-updated-packages\">List of updated packages<\/a><\/h2>\n<pre class=\"wp-block-preformatted\">@wordpress\/block-directory: 3.4.15\n@wordpress\/block-library: 7.3.15\n@wordpress\/customize-widgets: 3.3.15\n@wordpress\/edit-post: 6.3.15\n@wordpress\/edit-site: 4.3.15\n@wordpress\/edit-widgets: 4.3.15\n@wordpress\/widgets: 2.4.11<\/pre>\n<h2 id=\"list-of-files-revised\" class=\"toc-heading\" tabindex=\"-1\"><a class=\"dashicons-before dashicons-admin-links\" href=\"https:\/\/wordpress.org\/support\/wordpress-version\/version-6-0-3\/#list-of-files-revised\">List of files revised<\/a><\/h2>\n<pre class=\"wp-block-preformatted\">src\/wp-admin\/about.php\nsrc\/wp-admin\/includes\/ajax-actions.php\nsrc\/wp-admin\/includes\/post.php\nsrc\/wp-includes\/blocks\/legacy-widget.php\nsrc\/wp-includes\/blocks\/navigation.php\nsrc\/wp-includes\/blocks\/post-featured-image.php\nsrc\/wp-includes\/blocks\/rss.php\nsrc\/wp-includes\/blocks\/search.php\nsrc\/wp-includes\/blocks\/widget-group.php\nsrc\/wp-includes\/class-wp-date-query.php\nsrc\/wp-includes\/class-wp-query.php\nsrc\/wp-includes\/comment.php\nsrc\/wp-includes\/customize\/class-wp-customize-header-image-control.php\nsrc\/wp-includes\/customize\/class-wp-customize-site-icon-control.php\nsrc\/wp-includes\/deprecated.php\nsrc\/wp-includes\/functions.php\nsrc\/wp-includes\/media-template.php\nsrc\/wp-includes\/pluggable.php\nsrc\/wp-includes\/post.php\nsrc\/wp-includes\/rest-api\/endpoints\/class-wp-rest-attachments-controller.php\nsrc\/wp-includes\/rest-api\/endpoints\/class-wp-rest-terms-controller.php\nsrc\/wp-includes\/user.php\nsrc\/wp-includes\/version.php\nsrc\/wp-includes\/widgets.php\nsrc\/wp-mail.php\nsrc\/wp-trackback.php<\/pre>\n<\/div>\n<\/section>\n<\/div>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.maintenance-cms-wp.fr\/services\/maintenance-et-support-wordpress\/\">Our WordPress maintenance solutions from €59 excl. VAT per month<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>Version 6.0.3 On October 17, 2022, WordPress 6.0.3 WordPress 6.0.3 is now available! This release contains several security fixes. Because this is&#8230;<\/p>\n","protected":false},
"author":2,"featured_media":2256,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[52,32,30],"tags":[43,36,35],"class_list":["post-8626","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurite","category-vulnerabilite","category-wordpress","tag-securite","tag-vulnerabilite","tag-wordpress"],
"_links":{"self":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/posts\/8626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/comments?post=8626"}],"version-history":[{"count":4,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/posts\/8626\/revisions"}],"predecessor-version":[{"id":8630,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/posts\/8626\/revisions\/8630"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/media\/2256"}],"wp:attachment":[{"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/media?parent=8626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/categories?post=8626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/maintenance-cms-wp.fr\/articles\/wp-json\/wp\/v2\/tags?post=8626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}