The new WordPress update addresses multiple Cross-site scripting (XSS) vulnerabilities.
Cross-site scripting (XSS) security flaw can enable hackers to inject a malicious script into a vulnerable web page. It exists in two forms: the XSS and the Authenticated XSS.
An authenticated cross-site scripting (Authenticated XSS) is not so different from the regular XSS. Only this time, the attack occurs when a user — whether it’s site member to administrator — logs into the website.
Along with attacking site visitors, hackers can also use XSS vulnerabilities to alter a WordPress web page. It can serve as a first wave of attack to unlock the way for more serious security threats.
For this reason, it’s essential to stay on top of this threat. Luckily, the new WordPress update does just that.
In a blog post announcement, technical Account Engineer at Automattic, Jake Spurlock, said:
“Seven security issues affect WordPress versions 5.4 and earlier. If you haven’t yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the security issues.”
There’s more.
Not All Websites Will Get the WordPress Update Automatically
According to Spurlock, the company has automatically updated all versions of WordPress, starting from WordPress 3.7.
That means any WordPress installation that’s lower than 3.7 did not receive the update automatically. Since the XSS vulnerabilities affect all versions of WordPress under 5.4, it’s safe to say that the versions less than 3.7 are still at risk.
So, if you’re using an older WordPress installation, you may want to update to the latest version to avoid the security flaws.Â
Spurlock noted:
“This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately.”
Visit WordPress.org to download the latest WordPress 5.4.1. Alternately, you could click the Updates icon on your Dashboard, and select Update Now.
Comments (0)
Most Recent