Top Story: Critical security holes affecting thousands of websites

A popular content management system (CMS) software provider that powers about a quarter of all websites in the world has issued security patches today to fix two serious security flaws.

As of February of this year, over half of all websites and blogs with a known content management system use this as their backend. Webmasters are encouraged to update this CMS software's packages as soon as possible to protect their domains and their site users from critical vulnerabilities.

WordPress 4.6.1 is now available and it patches two security flaws that put thousands of websites at risk.

The first flaw, a cross-site scripting vulnerability, was discovered in June by security researcher Cengiz Han. This flaw allows an attacker to upload a specially crafted image to a WordPress site, then inject malicious JavaScript code to steal login credentials or session tokens, or to remotely execute more malicious code.

The second flaw is a path traversal vulnerability in the upgrade package uploader discovered by Dominik Schilling of WordPress' own security team.

The WordPress 4.6.1 update should fix all these vulnerabilities as well as 15 previous bugs from version 4.6, which include backspace jumping, infinite loops during plugin installs, thumbnail preview bugs, and email failure on certain setups.

To get this critical patch, go to your WordPress Dashboard >> Updates >> "Update Now." WordPress sites that have automatic background updates enabled should have their upgrade process already initiated.

For the regular end user, backend vulnerabilities like these show how important it is to have real-time internet protection from compromised websites and emerging threats.

To read more about the WordPress 4.6.1 security release, please check WordPress.org.

Source: Zdnet