WordPress Critical Security Announcement

Updated on August 16, 2021 by Jeff Matson

As of today, several vulnerabilities were discovered and patched within WordPress. The most critical of these is a cross-site scripting vulnerability in versions 3.0-3.9.2 that allows malicious comments to be left which, when viewed, can execute unauthorized code as the administrator user. Although 4.0 is not affected by this particular vulnerability, several other vulnerabilities were found to affect WordPress 4.0, so users are highly encouraged to upgrade to the latest 4.0.1 release to avoid potential compromise.

Who is affected?

All WordPress users that are not running the latest version of WordPress (4.0.1) are potentially vulnerable to attack. While the most severe vulnerability resides in 3.9.2 or earlier, 4.0 users are still vulnerable to an extent and should update immediately.

How can I protect myself?

Updating your WordPress installation immediately to the latest version (4.0.1) will resolve these issues.

More information:

WordPress 4.0.1 security release announcement
WPScan Vulnerability database
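
To find which installs on a server still need the update described above, the following added example (not part of the original announcement or of WordPress itself) scans a directory tree and labels each install against the versions the announcement names. It assumes WordPress core's usual layout, where the version is stored as `$wp_version` in `wp-includes/version.php`; the function names and labels are illustrative.

```shell
#!/bin/sh
# Added example (not from the announcement): report WordPress installs under a
# directory and where each falls against the versions the announcement names.
# Assumption: core keeps its version as $wp_version in wp-includes/version.php.
FIXED=4.0.1      # release the announcement says resolves the issues
XSS_FIRST=3.0    # first version it lists for the comment XSS
XSS_LAST=3.9.2   # last version it lists for the comment XSS

# Succeed when dotted version $1 is strictly lower than $2 (numeric, per field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal, so not lower
    }'
}

# Print the numeric part of $wp_version from a version.php file (empty if absent).
wp_version_of() {
    sed -n 's/^[$]wp_version[^0-9]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Map a version to a label: fixed, critical-xss, outdated or unknown.
classify() {
    if [ -z "$1" ]; then echo unknown
    elif ! version_lt "$1" "$FIXED"; then echo fixed
    elif ! version_lt "$1" "$XSS_FIRST" && ! version_lt "$XSS_LAST" "$1"; then
        echo critical-xss
    else echo outdated   # below 4.0.1 but outside the listed XSS range, e.g. 4.0
    fi
}

# Print "label<TAB>version<TAB>install path" for every install found under $1.
audit() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(wp_version_of "$f")
        printf '%s\t%s\t%s\n' "$(classify "$v")" "${v:-?}" "${f%/wp-includes/version.php}"
    done
}

if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Pass the directory to scan as the first argument; any install not labelled `fixed` should be updated as the announcement advises.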