Impact
On a multisite installation, users with the Super Admin role can bypass explicit/additional hardening under certain conditions through object injection.
Patches
This has been patched in WordPress version 5.8.3. Older affected versions have also been fixed via security releases, going back to 3.7.37. We strongly recommend that you keep auto-updates enabled.
References
https://wordpress.org/news/category/releases/
https://hackerone.com/reports/541469
For more information
If you have any questions or comments about this advisory: