WordPress has just released the new version of its content management system (CMS), WordPress version 4.2.3, to fix a critical security vulnerability that could have been exploited by hackers to take over websites, affecting the security of its Millions of sites.
WordPress version 4.2.3 resolves a Cross-Site Scripting (XSS) flaw that could allow any user with the Contributor or Author role to compromise a website, Gary Pendergast of the WordPress team wrote in a blog post on Thursday.
Cross-site scripting is actually a vulnerability in the Web applications' code that opens up the target website to attacks. The vulnerability is one of the most favorite and commonly used flaws by cyber criminals.
According to the company, the vulnerability could allow hackers to embed maliciously-crafted HTML, JavaScript, Flash, or other code to bypass WordPress's kses protection by fooling users into executing a malicious script on their computer system.
This, in turn, leads to the collection of users' sensitive data, including cookies stored on their systems.
It is still unknown exactly how websites could be compromised using the flaw, as more details about the vulnerability aren't yet made available by the company.
Update your WordPress CMS Now!
All versions of WordPress from 4.2.2 and earlier are affected by the flaw, but you need not worry about it if you have Automatic Security Updates enabled.
However, if not, you are strongly recommended to update your WordPress CMS to version 4.2.3 as soon as possible.
To Update WordPress, all you need to do is just go to the main WordPress "Dashboard", then "Updates" and click "Update Now." And you are done.
Stay Safe! Stay Tuned!