Another 'critical' upgrade for WordPress

News by SC Staff

Among the new vulnerabilities patched in WordPress 4.2.4 is CVE-2015-2213, an SQL injection vulnerability in WordPress Comments that lets attackers “execute arbitrary SQL commands on the affected system” and is rated “critical” by Check Point Software Technologies.

There is also a side-channel attack identified by researcher Johannes Schmitt of Scrutinizer and a bug found by Mohamed Baset that enables attackers to lock posts.

The last upgrade, to WordPress 4.2.3, was just weeks ago, on 24 July, following an XSS vulnerability.
