Another 'critical' upgrade for WordPress

News by SC Staff

Among the new vulnerabilities patched in WordPress 4.2.4 is CVE-2015-2213, an SQL injection vulnerability in WordPress Comments that lets attackers “execute arbitrary SQL commands on the affected system” and is rated “critical” by Check Point Software Technologies.

Also patched are a side-channel attack identified by researcher Johannes Schmitt of Scrutinizer and a bug, found by Mohamed Baset, that enables attackers to lock posts.

The last upgrade, to WordPress 4.2.3, was just weeks ago, on 24 July, following an XSS vulnerability.
