By: Dave Haygarth On: September 13, 2013 In: Web news

An important update to the popular WordPress platform was released yesterday, and webmasters were urged to update immediately. It’s not unprecedented for WordPress to word a release announcement this strongly, but this fix addresses a number of important security issues and vulnerabilities. WordPress.org’s official announcement says that this release helps:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.

We immediately updated all our clients on the WordPress Security Updates package, and strongly urge anyone else running a WordPress site to update immediately.
