Recently, Google Webmaster has received a warning from WordPress to update their Content Management System packages as soon as possible in order to safeguard their domains from complicated WordPress vulnerabilities.
Back on Thursday, September 8, the CMS provider published a security advisory along with the most recent WordPress version, 4.6.1. The update, available now, fixes two serious WordPress security issues: a path traversal bug and a cross-site scripting flaw.
An attacker can misuse this vulnerability to perform multiple actions, including crafting login credentials and session tokens and remotely executing malicious code.
Dominik Schilling of the WordPress team reported the second serious hole, a path traversal flaw discovered inside the upgrade package uploader.
WordPress has fixed these issues in version 4.6.1; however, every prior version of the CMS remains open to exploitation. The CMS provider also patched a further 15 bugs from WordPress 4.6, including plugin install infinite loop flaws, peculiar thumbnail behaviors, and email server setup problems.
Back in June, WordPress security experts cautioned that more than 10,000 WP sites were at risk of attack because of the discovery of a 0-day flaw inside the WP Mobile Detector plugin.