Recently around two WordPress security plug-in vulnerabilities were discovered that could lead to malicious upload, cross-site scripting, and content vulnerability of thousands of users. The official warning was published by The United States Government National Vulnerability Database (NVD). The first warning is data sanitization failure. Most users could not escape the log files, which is a significant step in ensuring data security. WordPress is very peculiar about data sanitization and even has a separate page regarding how to do it. This is why WordPress security vulnerabilities are such a big issue. WordPress is used across the world for website designing on a daily basis. Almost all companies, whether big or small, use the word press as an integral component in website design.
The second problem was data traversal vulnerability. This problem allows a hacker to access files that are generally not accessible because of data traversal failure. Although for the attacker to gain anything, it is essential to have admin-level credentials, still one must not take this problem lightly. People can avoid these problems by trying to update to the latest version, 5.17, which will fix crashes.