Tuesday, September 29, 10:03

WP 4.3.1 | An emergency security update for WordPress has been released

- The updated version of WordPress fixes a total of 29 vulnerabilities.

- Platform users are urged to upgrade immediately.


The WordPress Security Team released an emergency security update to address three critical issues: two cross-site scripting (XSS) vulnerabilities and a potential privilege escalation flaw.

According to the official changelog, the first XSS flaw was identified by Ben Bidner, a WordPress researcher and member of the WordPress Security Team, and can be exploited through the WP List Tables. Additional details were not released for user safety reasons.

The other two vulnerabilities were revealed by researchers from Check Point, Shahar Tal and Netanel Rubin, who presented their findings in an extensive blog post: http://blog.checkpoint.com/vulnerabilities

A critical XSS vulnerability affects the WordPress shortcode processor

The first vulnerability detected by the Check Point team (CVE-2015-5714) affects WordPress 4.3 as well as all previous versions, and lies in the way shortcodes are processed (shortcodes are small text fragments that the CMS reads and interprets according to predefined rules).

A privilege escalation bug allows unauthorized users to publish blog posts

The second vulnerability detected by the researchers (CVE-2015-5715) is a major privilege escalation flaw that can be exploited through simple malicious HTTP requests and, under certain circumstances, allows subscribers to publish private blog posts. In addition to the vulnerabilities specified in this release, the WordPress team made 26 additional bug fixes.

All platform users are advised to upgrade to the latest version as soon as possible.
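
To find installations that still need this update, the following added example (not part of the original article and not WordPress code) walks a directory tree and flags every WordPress copy older than 4.3.1. It assumes that WordPress core records its version in `wp-includes/version.php` as `$wp_version`; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 3, 1)  # fixed release named in the article

# Assumption: core stores its version as  $wp_version = '4.3';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)


def parse_version(text):
    """Return the version as a 3-part tuple of ints, or None if not found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # Keep only the leading numeric components: '4.4-beta1' -> '4.4'
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not nums:
        return None
    parts = tuple(int(p) for p in nums.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '4.3' -> (4, 3, 0)


def audit(root):
    """Map each install under root to (version, needs_update)."""
    report = {}
    for vf in Path(root).glob("**/wp-includes/version.php"):
        ver = parse_version(vf.read_text(errors="replace"))
        site = str(vf.parent.parent.relative_to(root))
        # An unreadable version is flagged too, so it gets a manual look.
        report[site] = (ver, ver is None or ver < FIXED)
    return report


def demo():
    """Build a constructed sample tree in a temp directory and audit it."""
    samples = {"blog": "4.3", "shop": "4.3.1", "old": "3.9.2"}
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in samples.items():
            inc = Path(tmp, site, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        return audit(tmp)


if __name__ == "__main__":
    for site, (ver, stale) in sorted(demo().items()):
        print(site, ver, "UPDATE NEEDED" if stale else "ok")
```

Point `audit()` at a web root to check real installations; it only reads `version.php` and changes nothing.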
