WordPress update fixes XSS issues

News by Greg Masters

Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.

Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.

The latest iteration, WordPress 4.6.1, rolled out on Wednesday to address two security issues: a cross-site scripting vulnerability via image filename, and a path traversal vulnerability in the upgrade package uploader, according to WordPress.org. The update also patches 15 other bugs in the underlying CMS codebase.

The popularity of the site combined with its integration of a variety of third-party plugins has made it target for attackers in the past.

According to security researcher Graham Cluley, this latest update patches "bugs in the main WordPress content management system itself," which, he pointed out, could make nearly every site using the blogging platform vulnerable.

Users are urged to visit their WordPress admin panel and choose Dashboard/Updates/Update Now. Users can also choose to implement automatic security updates.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike