Technology 2 min read

New WordPress Update Fixes Several XSS Vulnerabilities

Grey82 / Shutterstock.com

Grey82 / Shutterstock.com

WordPress has released a security and maintenance update (WordPress 5.4.1) to fix several vulnerabilities in its system, including seven security bugs.

The new WordPress update addresses multiple Cross-site scripting (XSS) vulnerabilities.

Cross-site scripting (XSS) security flaw can enable hackers to inject a malicious script into a vulnerable web page. It exists in two forms: the XSS and the Authenticated XSS.

An authenticated cross-site scripting (Authenticated XSS) is not so different from the regular XSS. Only this time, the attack occurs when a user — whether it’s site member to administrator — logs into the website.

Along with attacking site visitors, hackers can also use XSS vulnerabilities to alter a WordPress web page. It can serve as a first wave of attack to unlock the way for more serious security threats.

For this reason, it’s essential to stay on top of this threat. Luckily, the new WordPress update does just that.

In a blog post announcement, technical Account Engineer at Automattic, Jake Spurlocksaid:

“Seven security issues affect WordPress versions 5.4 and earlier. If you haven’t yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the security issues.”

There’s more.

Not All Websites Will Get the WordPress Update Automatically

According to Spurlock, the company has automatically updated all versions of WordPress, starting from WordPress 3.7.

That means any WordPress installation that’s lower than 3.7 did not receive the update automatically. Since the XSS vulnerabilities affect all versions of WordPress under 5.4, it’s safe to say that the versions less than 3.7 are still at risk.

So, if you’re using an older WordPress installation, you may want to update to the latest version to avoid the security flaws. 

Spurlock noted:

“This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately.”

Visit WordPress.org to download the latest WordPress 5.4.1. Alternately, you could click the Updates icon on your Dashboard, and select Update Now.

Read More: Hackers are Currently Exploiting These WordPress Plugins

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Sumbo Bello know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.


Profile Image

Sumbo Bello

Sumbo Bello is a creative writer who enjoys creating data-driven content for news sites. In his spare time, he plays basketball and listens to Coldplay.

Comments (0)
Least Recent least recent
You
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.