WordPress 4.2.3 Update Released to Patch a Major XSS Vulnerability

Share on Facebook Tweet Snapchat Share Reddit Comment
WordPress 4.2.3 Update Released to Patch a Major XSS Vulnerability
WordPress has rolled out a new version dubbed 4.2.3 of its content management system (CMS) to patch a critical cross-site scripting (XSS) vulnerability affecting all the existing versions. The blogging platform, which powers more than 60 million websites, urges all webmasters to update their sites.

The XSS vulnerability in question could have been exploited by any user marked "author" or "contributor" to fully compromise the site's security. The company didn't reveal the specifics around the vulnerability.

The WordPress update also fixes a recently discovered bug that allowed any subscriber to create blog posts on the site using management system's Quick Draft mechanism. The company says that the new update squashes 20 bugs.

Earlier this month, the company fixed several vulnerabilities in its plugins that could have been exploited to execute arbitrary code to steal sensitive information.

This is the second major vulnerability discovered in WordPress this year. In May, a major vulnerability was found in ThirtyFifteeen theme and the JetPack plugin, which affected about a million users.

The good thing about these updates is that they don't take much effort to implement. The blogging platform lets webmasters update to the latest version by simply clicking on the Update Now button.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Internet, malware, wordpress
Indian, US Students to 'Hack Space' for Environmental Sustainability
Astronomers Observe Interiors of Ancient Galaxies

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com