WordPress update

WordPress has released a new version and it fixes six security issues that could affect your site. We have all seen from the recent hacking scandal of the NHS that vulnerabilities can be exposed, so it’s critical that you update your sites to the latest version of WordPress as soon as possible.

The six security issues that have been fixed are:

  • Insufficient redirect validation in the HTTP class
  • Improper handling of post meta data values in the XML-RPC API
  • Lack of capability checks for post meta data in the XML-RPC API
  • A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialogue
  • A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files
  • A cross-site scripting (XSS) vulnerability was discovered related to the Customizer

It’s great news that WordPress are being so proactive in the finding and fixing of potential security issues. If you haven’t¬†already received an automatic update email then we strongly recommend updating your sites as soon as possible. You can see the official blog post about this by clicking here.

 

Written by Matt Peacock

Matt is an award-winning WordPress developer with over 11 years of web development experience. A WordPress devotee with a real passion for contributing and improving what he does on a daily basis, he builds websites that are the 'difference that makes the difference'.Matt is a former county champion golfer, NLP Practitioner and has a degree in Psychology.