{"id":3455,"date":"2014-11-20T21:07:48","date_gmt":"2014-11-20T21:07:48","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/2014\/11\/20\/wordpress-critical-security-announcement\/"},"modified":"2021-08-16T22:56:07","modified_gmt":"2021-08-17T02:56:07","slug":"wordpress-critical-security-announcement","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/","title":{"rendered":"WordPress Critical Security Announcement"},"content":{"rendered":"

As of today, several vulnerabilities were discovered and patched within WordPress. The most critical of these is a cross-site scripting vulnerability which allows malicious comments to be left, and when seen, can execute unauthorized code as the administrator user in versions 3.0-3.9.2.<\/p>\n

Although 4.0 is not affected by this particular vulnerability, several other vulnerabilities were discovered to affect WordPress 4.0 in which users are highly encouraged to upgrade to the lastest 4.0.1 release to avoid potential compromise.<\/p>\n

Who is affected?<\/h2>\n

All WordPress users that are not running the latest version of WordPress (4.0.1) are potentially vulnerable to attack. While the most severe vulnerability resides in 3.9.2 or earlier, 4.0 users are still vulnerable to an extent and should update immediately.<\/p>\n

How can I protect myself?<\/h2>\n

Updating your WordPress installation<\/a> immediately to the latest version (4.0.1) will resolve these issues.<\/p>\n

More information:<\/h2>\n

WordPress 4.0.1 security release announcement<\/a><\/p>\n

WPScan Vulnerability database<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

As of today, several vulnerabilities were discovered and patched within WordPress. The most critical of these is a cross-site scripting vulnerability which allows malicious comments to be left, and when seen, can execute unauthorized code as the administrator user in versions 3.0-3.9.2. Although 4.0 is not affected by this particular vulnerability, several other vulnerabilities were Read More ><\/a><\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4299,4325,56],"tags":[],"class_list":["post-3455","post","type-post","status-publish","format-standard","hentry","category-security","category-wordpress-hosting","category-wordpress"],"acf":[],"yoast_head":"\nWordPress Critical Security Announcement | InMotion Hosting<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress Critical Security Announcement | InMotion Hosting\" \/>\n<meta property=\"og:description\" content=\"As of today, several vulnerabilities were discovered and patched within WordPress. The most critical of these is a cross-site scripting vulnerability which allows malicious comments to be left, and when seen, can execute unauthorized code as the administrator user in versions 3.0-3.9.2. Although 4.0 is not affected by this particular vulnerability, several other vulnerabilities were Read More >\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Support Center\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\/\" \/>\n<meta property=\"article:published_time\" content=\"2014-11-20T21:07:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-17T02:56:07+00:00\" \/>\n<meta name=\"author\" content=\"Jeff Matson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:site\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Matson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/\"},\"author\":{\"name\":\"Jeff Matson\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/83776252b196c020e4352a3796e5642b\"},\"headline\":\"WordPress Critical Security Announcement\",\"datePublished\":\"2014-11-20T21:07:48+00:00\",\"dateModified\":\"2021-08-17T02:56:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/\"},\"wordCount\":145,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"articleSection\":[\"Security\",\"WordPress Hosting\",\"WordPress Tutorials\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/\",\"name\":\"WordPress Critical Security Announcement | InMotion Hosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\"},\"datePublished\":\"2014-11-20T21:07:48+00:00\",\"dateModified\":\"2021-08-17T02:56:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.inmotionhosting.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress Critical Security Announcement\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"name\":\"InMotion Hosting Support Center\",\"description\":\"Web Hosting Support & Tutorials\",\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\",\"name\":\"InMotion Hosting\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"width\":696,\"height\":696,\"caption\":\"InMotion Hosting\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/inmotionhosting\/\",\"https:\/\/x.com\/InMotionHosting\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/83776252b196c020e4352a3796e5642b\",\"name\":\"Jeff Matson\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/author\/jeffma\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WordPress Critical Security Announcement | InMotion Hosting","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/","og_locale":"en_US","og_type":"article","og_title":"WordPress Critical Security Announcement | InMotion Hosting","og_description":"As of today, several vulnerabilities were discovered and patched within WordPress. The most critical of these is a cross-site scripting vulnerability which allows malicious comments to be left, and when seen, can execute unauthorized code as the administrator user in versions 3.0-3.9.2. Although 4.0 is not affected by this particular vulnerability, several other vulnerabilities were Read More >","og_url":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/","og_site_name":"InMotion Hosting Support Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2014-11-20T21:07:48+00:00","article_modified_time":"2021-08-17T02:56:07+00:00","author":"Jeff Matson","twitter_card":"summary_large_image","twitter_creator":"@InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"Jeff Matson","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/"},"author":{"name":"Jeff Matson","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/83776252b196c020e4352a3796e5642b"},"headline":"WordPress Critical Security Announcement","datePublished":"2014-11-20T21:07:48+00:00","dateModified":"2021-08-17T02:56:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/"},"wordCount":145,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"articleSection":["Security","WordPress Hosting","WordPress Tutorials"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/","url":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/","name":"WordPress Critical Security Announcement | InMotion Hosting","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"datePublished":"2014-11-20T21:07:48+00:00","dateModified":"2021-08-17T02:56:07+00:00","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/edu\/wordpress\/wordpress-critical-security-announcement\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"WordPress Critical Security Announcement"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support & Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/83776252b196c020e4352a3796e5642b","name":"Jeff Matson","url":"https:\/\/www.inmotionhosting.com\/support\/author\/jeffma\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":null,"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/3455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=3455"}],"version-history":[{"count":1,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/3455\/revisions"}],"predecessor-version":[{"id":84161,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/3455\/revisions\/84161"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=3455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=3455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=3455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}