Many of you who blog choose WordPress as your platform. I run WordPress here at Tech Solutions NC, as well as on my personal blog. WordPress recently released version 4.5.3 of their software, which takes care of a host of security issues that were exposed in version 4.5.2. Among the issues:
- Redirect bypass in the customizer
- Two different XSS problems via attachment names
- Revision history information disclosure
- oEmbed Denial of Service
- Unauthorized category removal in a post
- Password change via a stolen cookie
- and more…
As we discussed in our post on the security settings you need to have enabled on your computer, automatic updates are a key part of that strategy. While automatic updates for your blogging software may not be feasible, it’s still important to make sure that the update is taken care of. For some of you, your host may take care of the update for you; for others, it may be automated; but for the majority of bloggers, especially in a self-hosted environment, you need to take care of it yourself. Make sure you do so as soon as is feasible.
Kudos to WordPress for dealing with these issues quickly, and also to those who discovered the vulnerabilities and reported them to WordPress. If you haven’t upgraded your WordPress yet, go ahead and take care of that soon. If you aren’t sure what to do, then by all means, reach out to us: WordPress site maintenance is just one of the services we offer here at Tech Solutions NC. Reach out to us via our Appointments page and schedule an appointment with us today!
You can read the complete security release on the WordPress website.