The Hacker News Logo
Subscribe to Newsletter

WordPress 4.2.3 Security Update Released, Patches Critical Vulnerability

wordpress-security-update
WordPress has just released the new version of its content management system (CMS), WordPress version 4.2.3, to fix a critical security vulnerability that could have been exploited by hackers to take over websites, affecting the security of its Millions of sites.

WordPress version 4.2.3 resolves a Cross-Site Scripting (XSS) flaw that could allow any user with the Contributor or Author role to compromise a website, Gary Pendergast of the WordPress team wrote in a blog post on Thursday.

Cross-site scripting is actually a vulnerability in the Web applications' code that opens up the target website to attacks. The vulnerability is one of the most favorite and commonly used flaws by cyber criminals.

According to the company, the vulnerability could allow hackers to embed maliciously-crafted HTML, JavaScript, Flash, or other code to bypass WordPress's kses protection by fooling users into executing a malicious script on their computer system.

This, in turn, leads to the collection of users' sensitive data, including cookies stored on their systems.

It is still unknown exactly how websites could be compromised using the flaw, as more details about the vulnerability aren't yet made available by the company.

Update your WordPress CMS Now!


All versions of WordPress from 4.2.2 and earlier are affected by the flaw, but you need not worry about it if you have Automatic Security Updates enabled.

However, if not, you are strongly recommended to update your WordPress CMS to version 4.2.3 as soon as possible.

To Update WordPress, all you need to do is just go to the main WordPress "Dashboard", then "Updates" and click "Update Now." And you are done.

Stay Safe! Stay Tuned!

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.