Tuesday, April 28, 2015


The widely used open-source content management system WordPress has released version 4.1.2, which carries a critical fix for a security flaw that allows attackers to conduct XSS attacks. Site admins are being notified about the latest release and urged to apply the update at the earliest opportunity. Website operators who have enabled the auto-update feature don't need to do anything, as their sites are already updated, so just chill. WordPress warns in a blog post that sites using WordPress versions 4.1.1 and earlier can be compromised due to the cross-site scripting flaw and advises them to update immediately. Besides this, another XSS issue that affects WordPress versions 3.9 and later has been patched as well. WordPress alerts users that it could help intruders launch a social engineering attack. WordPress 4.1.2 also patches an SQL injection flaw for plugins that allows users to upload arbitrary files with invalid file names.
