Jump to content


Photo

WordPress updates


  • Please log in to reply
51 replies to this topic

#51 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,738 posts

Posted 07 May 2015 - 08:58 AM

FYI...

WordPress 4.2.2 Security and Maintenance Release
- https://wordpress.or...ordpress-4-2-2/
May 7, 2015 - "WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Version 4.2.2 addresses two security issues:
> The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it...
> WordPress versions 4.2 and earlier are affected by a -critical- cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue...
The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor... WordPress 4.2.2 also contains fixes for -13- bugs from 4.2...

Release notes:
- https://codex.wordpr...g/Version_4.2.2

Download:
- https://wordpress.org/download/
... or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.
___

- https://www.us-cert....tenance-Release
May 07, 2015
___

- http://www.theinquir...o-hackers-again
May 8 2015 - "... The two culprits are JetPack, a customisation and performance tool with one million active installations, and TwentyFifteen, a theme designed to enable infinite scrolling that is installed into new WordPress sites as a default. A Document Object Model (DOM)-based cross-site scripting (XSS) flaw has made the plugins vulnerable to hackers, and could affect millions of WordPress users. The attack payload is executed as a result of modifying the DOM environment in a victim's browser used by the original client side script, so that the client side code runs in an unexpected way. Security firm Securi* found that the flaw in the two plugins is the result of an insecure file included with genericons, which are vector icons embedded in a web font..."
* https://blog.sucuri....l#disqus_thread
May 6, 2015
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 08 May 2015 - 05:55 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#52 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 9,738 posts

Posted 04 August 2015 - 12:35 PM

FYI...

WordPress 4.2.4 released
- https://wordpress.or...enance-release/
Aug 4, 2015 - "WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site..."

Release notes
- https://codex.wordpr...g/Version_4.2.4

Download
- https://wordpress.org/download/

- https://www.us-cert....Security-Update
Aug 04, 2015
___

- http://www.securityt....com/id/1033178
CVE Reference: CVE-2015-2213, CVE-2015-5730, CVE-2015-5731, CVE-2015-5732, CVE-2015-5733, CVE-2015-5734
Aug 4 2015
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.2.3 and prior versions...
Solution: The vendor has issued a fix (4.2.4)...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 05 August 2015 - 07:28 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button