Raghwendra Web Services Blog helps You & Your Business Grow

rwsragh@gmail.com wdraghwendra
Logo

vulnerability / Security – WordPress Warns Users to Update 4.6.1

wordpress-vulnerability

Recently, Google Webmaster has received a warning from WordPress for updating their Content Management System packages as soon as possible so that they can safeguard their domains from complicated WordPress vulnerabilities.

Back on Thursday, September 8, the CMS provider launched a security advisory along with the most recent WordPress version, 4.6.1. Presently available, the update fixes two serious issues related to WordPress securities, a path traversal security bug and a cross-site scripting flaw.

Back in July, Cengiz Han, a SumOfPwn researcher discovered the XSS vulnerability at the bug bounty project of the Summer of Pwnage, which lets hackers use a crafted image file, inject vulnerable JavaScript code into the software by uploading the image file to the WordPress.

In order to perform multiple actions, a hacker can misuse this vulnerability, with the inclusion of crafting login credentials and session tokens and remote execution of malicious code also.

From the WordPress team, Dominik Schilling reported the second serious hole which is a path traversal flaw discovered inside the upgrade package uploader.

WordPress has fixed these issues in version 4.6.1; however, every prior version of the CMS is ready to exploit. Even, further 15 bugs from WordPress 4.6 were also patched by the CMS provider, including plugin install infinite loop flaws, peculiar thumbnail behaviors, and email server setup problems.

It is to be noted that back in June, WordPress security experts cautioned that more than 10,000 WP sites were at risk of attack because of the discovery of 0-day flaw inside the WP Mobile Detector plugin. See how to protect WordPress website security, tips, malware, firewall

 

By raghwendra

Me a freelance web developer from new delhi india. visit me