• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Tech Solutions NC

Your one stop for home and small business computer and network support

  • About Us
    • Knowledgebase
  • Contact Us
  • Appointments
  • Testimonials
  • Subscribe

Automattic

WordPress Security Update to 4.5.3

June 23, 2016 by Mike Ellis Leave a Comment

WordPress
©WordPress

For all of you that blog, many of you choose WordPress as your platform of choice for your blog.  I run WordPress here at Tech Solutions NC, as well as on my personal blog.  WordPress recently released version 4.5.3 of their software, which takes care of a host of security issues that were exposed in version 4.5.2.  Among the issues:

  • Redirect bypass in the customizer
  • Two different XSS problems via attachment names
  • Revision history information disclosure
  • oEmbed Denial of Service
  • Unauthorized category removal in a post
  • Password change via a stolen cookie
  • and more…

As we discussed on our post on the security settings you need to have enabled on your computer, automatic updates is a key part of that strategy.  While automatic updates for your blogging software may not be feasible, it’s still important to make sure that the update is taken care of.  For some of you, your host may take care of the update for you; for others, it may be automated; but for the majority of bloggers, especially in a self-hosted environment, you need to take care of it yourself. Make sure you do so as soon as is feasible.

Kudos to WordPress for dealing with these issues quickly, and also to those that discovered the vulnerabilities and reported back to WordPress.  If you haven’t upgraded your WordPress yet, go ahead and take care of that soon.  If you aren’t sure what to do, then by all means, reach out to us — WordPress site maintenance is just one of the services we offer here at Tech Solutions NC. Reach out to us via our Appointments page and we schedule an appointment with us today!

You can read the complete security release on the WordPress website.

Filed Under: Featured, Security, Tech Solutions Tagged With: Advertising, Akismet, Automattic, Blog, Botnet, Cross-site scripting, Denial-of-service attack, Google+, Netflix, Password, Search engine optimization, Social media, Spotify, themes, ThreatMetrix, Twitter, Vulnerability (computing), Web hosting service, Website, WordPress

Footer

Archives

Copyright © 2022 Tech Solutions NC, LLC

 

Loading Comments...