Computer Emergency Response Team of Mauritius (CERT-MU)

Update your website – New Patch for WordPress is out


The latest version of WordPress (version 4.2.3) was released on 23 July 2015 and includes a fix for a cross-site scripting (XSS) vulnerability. The flaw allows WordPress users with the Contributor or Author role to add JavaScript to a site (something normally reserved for Editors and Administrators) using specially crafted shortcodes. Attackers who can add JavaScript to a site can use it to do damage such as infecting users with malware or stealing their cookies. Some measure of protection is afforded by the fact that attackers need a way to log in to a vulnerable site with at least Contributor privileges. Even so, vulnerabilities in popular web platforms like WordPress give attackers an easy way to target tens or even hundreds of millions of websites at a time with automated tools. Users are therefore advised to apply updates at the earliest opportunity.
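
An added example (not part of the CERT-MU advisory or of WordPress itself): a Python check that finds WordPress installs under a directory and flags any whose core version is below the 4.2.3 release named above. It assumes core records its version in wp-includes/version.php as `$wp_version`, and it treats every lower version, and any pre-release build of 4.2.3, as needing the update.

```python
import re
import sys
from pathlib import Path

FIXED = (4, 2, 3)  # release named in the advisory above

# Assumed layout: wp-includes/version.php holds a line like  $wp_version = '4.2.2';
_VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_wp_version(php_source):
    """Return the string assigned to $wp_version, or None if it is absent."""
    m = _VERSION_RE.search(php_source)
    return m.group(1) if m else None


def version_tuple(version):
    """'4.2' -> (4, 2, 0); a suffix such as '-RC1' is ignored here."""
    nums = re.match(r"\d+(?:\.\d+)*", version)
    if not nums:
        raise ValueError(f"unrecognised version: {version!r}")
    parts = [int(p) for p in nums.group(0).split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def needs_update(version):
    """True when the version is older than FIXED or is a pre-release of it."""
    base, _, suffix = version.partition("-")
    current = version_tuple(base)
    return current < FIXED or (current == FIXED and bool(suffix))


def audit(root):
    """Scan a tree for WordPress installs; return (site_dir, version, needs_update) rows."""
    rows = []
    for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
        version = parse_wp_version(vfile.read_text(errors="replace"))
        # A version that cannot be read is flagged for attention, not skipped.
        stale = True if version is None else needs_update(version)
        rows.append((str(vfile.parent.parent), version, stale))
    return rows


if __name__ == "__main__":
    for site, version, stale in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'UPDATE' if stale else 'ok':6}  {version or 'unknown':10}  {site}")
```

The version string only reflects the core files on disk; it says nothing about plugins or themes.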
 
Source:
 
Naked Security Sophos
 
WordPress
 
IT Security News
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis