[Nfb-web] Fwd: please pass on to webmasters: wordpress update
David Andrews
dandrews at visi.com
Wed Aug 5 13:58:36 UTC 2015
Please take note.
Dave
>Most sites should update automatically, but it should be verified.
>
>WordPress 4.2.4 fixes critical vulnerabilities
>
>Posted on 05 August 2015.
>
>It's time to update your self-hosted versions of WordPress again.
>
> WordPress 4.2.4, released on Tuesday, fixes four bugs and several
>security issues: •Three cross-site scripting vulnerabilities
>• An SQL injection injection bug (CVE-2015-2213) that can result inn a
>remote attacker executing arbitrary SQL commands on the affected
>system and to ultimately compromise a website running on the popular
>CMS
>•A bug that could allow attackers to mount a timing side-channel atttack
>•A bug that can allow attackers to prevent a post from being editedd (ever).
>Even though there is no mention of any of the bugs being currently
>exploited in the wild, the developers are urging users to update
>immediately.
More information about the NFB-Web
mailing list