Thursday, July 23, 2015

BURN ALL BLOGS. WordPress has a critical XSS flaw

WordPress has warned users of a "cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site" and urged all users "to update your sites immediately."

The patch comes in the form of WordPress 4.2.3, which fixes the XSS problem and plenty more besides. One of the newly-squished bugs is described as "an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft."

Most of the changes in version 4.2.3 appear to be ordinary bug fixes rather than security fixes. The release is nonetheless billed as a "security release" and the post announcing it urges its swift application.

The good news is that WordPress is marvellously easy to upgrade: merely pressing the "Update Now" button does the job on many installs. The content management code also offers automated updating, an option not often used by those who use WordPress at scale or in heavily customised configurations but appreciated by those with basic blogs. ®



Source: BURN ALL BLOGS. WordPress has a critical XSS flaw
