WordPress Critical Security Announcement

As of today, several vulnerabilities were discovered and patched within WordPress. The most critical of these is a cross-site scripting vulnerability which allows malicious comments to be left, and when seen, can execute unauthorized code as the administrator user in versions 3.0-3.9.2.

Although 4.0 is not affected by this particular vulnerability, several other vulnerabilities were discovered to affect WordPress 4.0 in which users are highly encouraged to upgrade to the lastest 4.0.1 release to avoid potential compromise.

Who is affected?

All WordPress users that are not running the latest version of WordPress (4.0.1) are potentially vulnerable to attack. While the most severe vulnerability resides in 3.9.2 or earlier, 4.0 users are still vulnerable to an extent and should update immediately.

How can I protect myself?

Updating your WordPress installation immediately to the latest version (4.0.1) will resolve these issues.

More information:

WordPress 4.0.1 security release announcement

WPScan Vulnerability database

Leave a Reply