Security Alert - 4/22/15 WordPress Update 4.12
Why was an update published?
WordPress versions 4.1.1 or earlier have been found to be vulnerable to cross-site scripting that could allow anonymous users to compromise a site. The WordPress security team discovered and fixed this issue. The update includes fixes for the following issues:
- Files with invalid or unsafe names could be uploaded (WordPress 4.1 or higher). Discovered by Michael Kapfer and Sebastian kraemer of HSASec.
- A limited cross-site scripting vulnerability could be used as part of a social engineering attack (WordPress 3.9 or higher). Discovered by Jakub Zoczek.
- Some plugins that were vulnerable to SQL injection. Discovered by Ben Bidner of the WordPress security team.
Check out the official announcement at the WordPress.org site.
What should I do?
WordPress strongly encourages you to update your sites immediately. For more information on upgrading, check out Updating WordPress through the WordPress Administrator.
Did you find this article helpful?
Tweet
Help Center Login
Related Questions
Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!