WordPress, the most popular CMS (content management system), has been reported to have a critical cross-site scripting security flaw alongside two other, less damaging vulnerabilities. The team behind it has fixed the flaw and released WordPress 4.1.2 as an emergency update.
WordPress is the most used CMS (content management system) online, so chances are you already know about it. If you're a webmaster or business owner running a WordPress-based online portal, you should update your WordPress version immediately. Check your Updates tab, where the WordPress update should be waiting.
The reason behind this urgent WordPress release is a serious cross-site scripting vulnerability that could allow hacking of any WordPress site. This WP (WordPress) security release fixes two other vulnerabilities too, although those are less serious. The update also includes security fixes for some plugins that were vulnerable to SQL injection attacks, along with 'hardening' changes.
Gary Pendergast, one of the WordPress developers, said that XSS flaws were recently found in a decent number of heavily used WordPress plugins. The plugins became vulnerable through insecure use of the two functions that WP developers often use to modify and add query strings to URLs within the WP CMS.
Pendergast urged, "Keep everything updated to stay secure". He advised all plugin authors to check whether their plugins are affected by the same security issue, and offered them instructions on how to do so.
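A rough version of the check plugin authors were asked to make, as an added example that is not code from WordPress or from this article. The article does not name the two functions; in WordPress they are `add_query_arg()` and `remove_query_arg()`, and the fix is to pass their result through `esc_url()` or `esc_url_raw()`. The plugin snippet in `SAMPLE` is constructed.

```python
import re

# WordPress helpers that build a URL from the current request when no URL is
# passed in; their return value is not escaped.
BUILDERS = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# WordPress escaping helpers: esc_url() for output, esc_url_raw() for redirects.
ESCAPERS = re.compile(r"\b(esc_url|esc_url_raw)\s*\(")


def escaped_spans(src):
    """Return (start, end) offsets covered by each esc_url*/( ... ) call."""
    spans = []
    for m in ESCAPERS.finditer(src):
        depth, i = 1, m.end()
        # Walk to the matching ')'. Heuristic: parentheses inside PHP string
        # literals are not special-cased.
        while i < len(src) and depth:
            depth += {"(": 1, ")": -1}.get(src[i], 0)
            i += 1
        spans.append((m.start(), i))
    return spans


def find_unescaped(src):
    """List (line, function) for builder calls not nested in an escaper.

    A result stored in a variable and escaped later is still reported, so
    every finding is a prompt for manual review, not a confirmed bug.
    """
    spans = escaped_spans(src)
    findings = []
    for m in BUILDERS.finditer(src):
        if not any(a <= m.start() < b for a, b in spans):
            findings.append((src.count("\n", 0, m.start()) + 1, m.group(1)))
    return findings


# Constructed plugin code: lines 3 and 5 print or redirect to the raw result.
SAMPLE = '''<?php
// constructed plugin snippet
echo '<a href="' . add_query_arg( 'page', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'page', 2 ) ) . '">Next</a>';
wp_redirect( remove_query_arg( 'msg' ) );
wp_redirect( esc_url_raw(
    remove_query_arg( 'msg' )
) );
'''

if __name__ == "__main__":
    for line, func in find_unescaped(SAMPLE):
        print(f"line {line}: {func}() result is not passed through esc_url()")
```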
Meanwhile, Sucuri Security (a WordPress security management firm) published a list of the most popular WordPress plugins affected. The company also highlighted which plugins on the list have been fixed so far.
This is not the first time that WordPress has been reported to have security flaws. In fact, in November, the WordPress 4.0.1 release was a security fix as well. And just recently (on April 7, 2015), the FBI warned that hackers might be misusing WP plugins. So even a tech giant like WordPress isn't an exception when it comes to security holes and cyber-attacks in this dangerous age of the Internet. As suggested above, update your WordPress immediately and always stay on your toes to protect your WordPress site from external attacks.