4 critical vulns fixed in Wordpress 4.2.4

ImageNews from out there about new technologies.

It will be updated when possible.
User avatar
Site developer
Site developer
Posts: 1084
Joined: Thursday March 25th, 2004 21h45:21
Location: Behind YOU

4 critical vulns fixed in Wordpress 4.2.4

Postby Juanm » Thursday August 6th, 2015 00h07:51

1 potential SQL injection
1 potential timing side-channel attack
From blog post
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Update as soon as possible.
Blogs with automatic update on should have already received this email on August 4th 2015

Howdy! Your site at [site address] has been updated automatically to WordPress 4.2.4.

No further action is needed on your part. For more on version 4.2.4, see the About WordPress screen:

Code: Select all

http://[your blog URL]/wp-admin/about.php

If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.

The WordPress Team

Return to “Tech news”

Who is online

Users browsing this forum: CommonCrawl [Bot] and 0 guests