Critical zero day fix for WordPress hosted websites

A critical zero-day fix for WordPress-hosted websites has been released by the WordPress maintainers, who recommend updating sites immediately.
The flaw is a stored cross-site scripting (XSS) issue that can be leveraged via the comment section of a website running WordPress, by hiding malicious code that is executed on the server.
This issue was discovered by Jouko Pynnönen, from Finnish-based vulnerability research company Klikki Oy, and it is similar to a bug found and reported privately by Cedric Van Bockhaven, which was fixed in WordPress 4.1.2.

From WordPress news:

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

Klikki Oy has made available the following video demonstrating the security flaw:

How to update WordPress to 4.2.1?
The WordPress 4.2.1 update is being rolled out as an automatic background update for sites that support those.
– Download WordPress 4.2.1 and apply it manually
– Or go to Dashboard → Updates on your website admin page and simply click “Update Now”.

Where to see the release notes and changeset info?
For more information on this issue and the other fixes, see the links below:
release notes
list of changes

Arrange to upgrade your WordPress installation to version 4.2.1, and make this a priority task, because the code for exploiting the vulnerability has been publicly available since Sunday.
Be sure to back up your database, website data and other relevant files before applying this update.
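
To find installs on a server that still need the 4.2.1 update described above, the following added example (not from the original article or from WordPress) reads `$wp_version` from each install's `wp-includes/version.php` and flags anything older than 4.2.1. The function names are assumptions made for illustration, and the sample installs it builds when run without arguments are constructed.

```shell
#!/bin/sh
# Added example: audit WordPress installs against the 4.2.1 security release.
# Per the release note quoted above, every earlier version is treated as needing the update.
FIXED_VERSION="4.2.1"

# Print the version declared in <wp_root>/wp-includes/version.php.
wp_installed_version() {
    file="$1/wp-includes/version.php"
    [ -r "$file" ] || return 1
    sed -n 's/^[[:space:]]*[$]wp_version[[:space:]]*=[[:space:]]*.\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$file" | head -n 1
}

# Succeed when dotted version $1 is older than $2 (first three fields,
# compared numerically; a suffix such as "-beta1" is ignored).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Classify one install: prints "<status> <version> <path>".
audit_wp_root() {
    ver=$(wp_installed_version "$1") || ver=""
    if [ -z "$ver" ]; then
        echo "UNKNOWN - $1"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "UPDATE $ver $1"
    else
        echo "OK $ver $1"
    fi
}

# Constructed sample: two fake installs in a temp dir, so the check runs offline.
demo() {
    tmp=$(mktemp -d)
    for v in 4.1.2 4.2.1; do
        mkdir -p "$tmp/site-$v/wp-includes"
        printf "<?php\n\$wp_version = '%s';\n" "$v" > "$tmp/site-$v/wp-includes/version.php"
    done
    for root in "$tmp"/site-*; do audit_wp_root "$root"; done
    rm -rf "$tmp"
}

# Pass WordPress root directories as arguments, or run with none for the demo.
if [ "$#" -gt 0 ]; then for root in "$@"; do audit_wp_root "$root"; done; else demo; fi
```

Installs reported as UPDATE should be backed up and then upgraded through one of the routes listed above.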

About author

siba 698 posts

A B.Tech degree holder with more than 5 years of experience on Embedded Systems design domain. He has worked on Aerospace domain, NAND storage, Server storage and Wireless networking.
