WordPress Releases Security Updates

Earlier this week, WordPress released version 4.2.4 of its self-hosted blogging tool/content management system (CMS).

This update resolves 6 serious issues, which include:

Due to the severity of these issues, WordPress is advising its users to update immediately.

In addition, in late July WordPress released version 4.2.3. That update resolves 2 security vulnerabilities. The first is a cross-site scripting (XSS) issue that could allow legitimate users (with Author or Contributor rights) to compromise your website by adding JavaScript to its pages. Arbitrary JavaScript on a website brings the risk of malware infection (e.g. a watering hole attack) or, in a severe XSS attack, the theft of a user's session cookies (and thus the resources and information they grant access to). The remaining issue allowed a legitimate user with Subscriber permissions to carry out unintended actions, specifically creating a draft of a webpage using the Quick Draft feature.

WordPress users can update their CMS manually, or, since version 3.7 of WordPress, an automatic updater (thanks to Sophos for this useful piece of information) will install the above-mentioned update in the background. Full details of this update and how to install it are available in this WordPress blog post. WordPress.com hosted blogs, such as the one you are reading now, receive such security updates automatically.

The next version of WordPress, namely 4.3, is anticipated to arrive on the 18th of August. While this is not a security update, it does contain important changes. To ensure the stability and security of your WordPress installation, it is prudent to have streamlined processes in place to apply multiple WordPress updates each month when necessary.
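As part of such a process, the first step is knowing which installs are still below the patched version. The following POSIX shell check is an added example, not code from the original post or from the WordPress project; it assumes the standard core layout in which wp-includes/version.php defines $wp_version, and it constructs its own sample install to run against.

```shell
#!/bin/sh
# Added example: report whether a WordPress install is at or above 4.2.4,
# the patched version named in the post. Assumes the standard core layout
# where wp-includes/version.php contains a line like: $wp_version = '4.2.4';

# Print the version string recorded in wp-includes/version.php under root $1.
wp_installed_version() {
    sed -n "s/^[\$]wp_version = '\([0-9.]*\)';.*/\1/p" "$1/wp-includes/version.php"
}

# Return 0 if dotted version $1 >= $2, else 1. Compares field by field as
# numbers, so 4.3 correctly sorts above 4.2.4 (string comparison would not).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing trailing fields count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Check the install under root $1 against minimum version $2 (default 4.2.4).
# Returns 0 when patched, 1 when an update is needed, 2 when unreadable.
wp_is_patched() {
    root="$1"; minimum="${2:-4.2.4}"
    installed=$(wp_installed_version "$root" 2>/dev/null)
    [ -n "$installed" ] || { echo "$root: could not read wp_version" >&2; return 2; }
    if version_ge "$installed" "$minimum"; then
        echo "$root: WordPress $installed is at or above $minimum"
        return 0
    fi
    echo "$root: WordPress $installed is below $minimum, update needed"
    return 1
}

# Constructed sample install (not a real site) to demonstrate the check.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/wp-includes"
printf "<?php\n\$wp_version = '4.2.3';\n" > "$demo_root/wp-includes/version.php"
wp_is_patched "$demo_root" || :   # prints "... is below 4.2.4, update needed"
rm -rf "$demo_root"
```

Pointing wp_is_patched at each document root you manage gives a quick inventory of installs that the automatic updater has not yet reached.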

Thank you.
