WordPress issued an emergency fix to the major 4.2 version of its widely-used blogging software released just last week. The hurriedly launched version 4.2.1 was in response to a zero-day flaw that put tens of millions of WordPress sites at risk.
Pynnonen first blogged about this vulnerability on April 26th just three days after the release of version 2.4. He described the defect as a stored Cross Site Scripting (XSS) vulnerability.
“If triggered by a logged-in administrator, under default settings, the attacker can leverage the vulnerability to execute arbitrary code on the server via a plugin and theme editors,” said Pynnonen in a recent blog post.
In a statement released Wednesday, WordPress stated, “This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.”
Have questions about your website security? Contact us immediately at (877) 239-1219 or drop us an email at firstname.lastname@example.org.
The CEN staff is one of the most knowledgeable service staff we have encountered, are solution oriented and they always find the most economical solutions to resolving our issues. Most important they are most timely in the resolution of our problems. We would certainly recommend their services to any company.”
(877) 239 1219