There’s lots of panic around the holidays regarding CVE-2016-10033 – a critical vulnerability in the PHPMailer library, which allows an attacker to inject custom command-line commands and have the webserver execute them (RCE – remote code execution). WordPress uses PHPMailer, yet there hasn’t been an update (see trac ticket #37210), and the ticket hasn’t been marked as critical…
WordPress 4.6.1 is a security and maintenance release. It patches an XSS and a path traversal vulnerability found in previous versions of the core software, and also fixes a few bugs found in the 4.6 release.
When your WordPress site is essential to your business, you need to be thinking about performance and security all the time. Here at Pressjitsu we’re a bit obsessed with both, so we crafted a free online tool to benchmark your WordPress site.
The WordPress Core Team has released version 4.2.4, which is a security and maintenance update. All WordPress users are encouraged to upgrade immediately.
The WordPress core team has shipped version 4.2.3, which is a security and maintenance release for all previous versions of the core software.
WordPress 4.2.2 is available for download, which is a maintenance and security release for all previous versions of the core software. The new version fixes several bugs found in version 4.2, and addresses a high-risk XSS vulnerability in the popular Genericons icons pack, used by hundreds of themes and plugins.
WordPress 4.2.1 has been released, which is a security patch for all previous versions. It fixes a high-risk XSS vulnerability in the core commenting functionality.
Jouko Pynnönen of Klikki Oy has recently disclosed an XSS vulnerability affecting core WordPress versions 4.2 and below. The vulnerability allows the attacker to take full control of a WordPress-powered website.
The WordPress core team has released version 4.1.2, which is a critical security release. It addresses a high-risk XSS vulnerability as well as three other security issues.