WordPress Launches Version 4.0.1 to Patch Up Several Security Issues
Popular content management system (CMS) and blogging tool WordPress has recently released version 4.0.1an update aiming to resolve some critical security issues within the system.
Among the updates for WordPress 4.0.1 are fixes for three XSS issues, a cross-site request forgery, as well as a denial-of-service bug. The blogging software has also applied additional security for server-side request forgery attacks when users create HTTPS requests. Furthermore, WordPress 4.0.1 addresses an issue concerning the validity of links within password reset emails.
Previous versions, from version 3.9.2, are said to be affected by a critical cross-site scripting (XSS) vulnerability, which could enable anonymous users to compromise a site, states Andrew Nacin in the WordPress blog. An estimated 86% of WordPress sites have been affected by this XSS hole. Researcher Jouko Pynnonen was the first to report the vulnerabilities, identifying them as the most serious defect in five years.
An attacker could exploit the vulnerability by entering carefully crafted comments, containing program code, on WordPress blog posts and pages. Under default settings comments can be entered by anyone without authentication (login), Pynnonen wrote in a technical advisory discussing the problem.
WordPress encourages all users to update their sites right away in order to be protected from these security issues. Although the flaw only affects versions 3.0 to 3.9.2, the company still urges version 4.0 users to update to 4.0.1 to fix 23 other bugs.
WordPress has announced that sites with automatic background updates will automatically be updated to version 4.0.1.
Users can download WordPress 4.0.1 here, or they can simply click Update Now under the Updates tab on their Dashboard.
To learn more about the new WordPress version, view the release notes or the list of changes.
What significant security flaws have you encountered so far with previous versions of WordPress? How will WordPress 4.0.1 help you with those issues? Let us know in the Comments below.
Comments
comments