Home
Internet
Internet News
WordPress 4.2.3 Update Released to Patch a Major XSS Vulnerability

WordPress 4.2.3 Update Released to Patch a Major XSS Vulnerability

By Manish Singh | Updated: 24 July 2015 17:01 IST

WordPress has rolled out a new version dubbed 4.2.3 of its content management system (CMS) to patch a critical cross-site scripting (XSS) vulnerability affecting all the existing versions. The blogging platform, which powers more than 60 million websites, urges all webmasters to update their sites.

The XSS vulnerability in question could have been exploited by any user marked "author" or "contributor" to fully compromise the site's security. The company didn't reveal the specifics around the vulnerability.

The WordPress update also fixes a recently discovered bug that allowed any subscriber to create blog posts on the site using management system's Quick Draft mechanism. The company says that the new update squashes 20 bugs.

Earlier this month, the company fixed several vulnerabilities in its plugins that could have been exploited to execute arbitrary code to steal sensitive information.

This is the second major vulnerability discovered in WordPress this year. In May, a major vulnerability was found in ThirtyFifteeen theme and the JetPack plugin, which affected about a million users.

The good thing about these updates is that they don't take much effort to implement. The blogging platform lets webmasters update to the latest version by simply clicking on the Update Now button.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.