WordPress Patches 3 Security Flaws

Must Read

7Caps Free On-Screen Caps Lock Indicator Review

Many laptops and keyboards don't come with an indicator for your caps lock key. Num Lock is...

Are Lithium-Ion Batteries Recyclable?

Electric vehicles are growing every day, and they are certainly going to be the future of automotive...

NASA demonstrates its first all-electric aircraft

NASA has demonstrated it's first all-electric experimental which they have dubbed as the X-57 Maxwell. Its first...
Scott Hartleyhttps://www.sertmedia.com
My name is Scott Hartley I am from Nashville, TN, and love to cover topics related to the latest tech trends, social media, and cars!

WordPress has released an update that has patched three security flaws in the CMS including a cross-site scripting (XSS) vulnerability, and an SQL Injection problem which could lead to infection as the ability to access taxonomy information even if the user did not have permission to do so.

These vulnerabilities affect all versions of WordPress below the latest (4.7.2). The bug was first reported by David Herrerra of Alley Interactive which reveals taxonomy terms in the “Press This” function — used to publish posts through browsers — to users that do not have permission to see it.

The second vulnerability was found by Mo Jangda a security researcher. The vulnerability was found in the WP_Query process and its used to get access to variables and functions in the WordPress Core. The issue lied in the way the system was passing data as this process made the system vulnerable to SQL Injection attacks.

This is the second point release of WordPress 4.7 and this release followed a previous release just two weeks earlier (4.7.1) which fixed eight problems that could have led to remote attacks including, XSS vulnerabilities, and a remote code execution bug in PHPMailer, as well as a cross-site request forgery flaw.

WordPress users are urged to download the latest version of WordPress manually or by clicking the update now button within the CMS. Automatic updates are also being rolled out to websites and hosts that support this feature.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

7Caps Free On-Screen Caps Lock Indicator Review

Many laptops and keyboards don't come with an indicator for your caps lock key. Num Lock is...

Are Lithium-Ion Batteries Recyclable?

Electric vehicles are growing every day, and they are certainly going to be the future of automotive technology. However, the cars are...

NASA demonstrates its first all-electric aircraft

NASA has demonstrated it's first all-electric experimental which they have dubbed as the X-57 Maxwell. Its first test flight is going to...

Tesla to launch version three of solar roof tiles on October 25, 2019

Tesla is going to launch a new version of its solar roof tiles line up tomorrow October 25, 2019.

Huawei VR Glass Will Launch This December In China

Huawei will finally be launching its own virtuality reality headset. The device has been dubbed the Huawei VR Glass. This has been...

More Articles Like This