PHPMailer Vulnerability and WordPress

There’s lots of panic around the holidays regarding CVE-2016-10033 – a critical vulnerability in the PHPMailer library, which allows an attacker to inject custom command-line commands and have the webserver execute them (RCE – remote code execution). WordPress uses PHPMailer, but there hasn’t been an update yet (see trac ticket #37210), and the ticket hasn’t been marked as critical…


WordPress 4.6.1

WordPress 4.6.1 is a security and maintenance release. It patches XSS and path traversal vulnerabilities found in previous versions of the core software, and also fixes a few bugs found in the 4.6 release.


WordPress 4.2.2 Maintenance and Security Release

WordPress 4.2.2 is available for download. It is a maintenance and security release for all previous versions of the core software. The new version fixes several bugs found in version 4.2, and addresses a high-risk XSS vulnerability in the popular Genericons icon pack, used by hundreds of themes and plugins.


WordPress 4.2.1

WordPress 4.2.1 has been released. It is a security patch for all previous versions and fixes a high-risk XSS vulnerability in the core commenting functionality.
