The WordPress team has released WordPress 4.1.2 today to fix a critical cross-site scripting vulnerability.
Quote:
|
WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
|
https://wordpress.org/news/2015/04/wordpress-4-1-2/
Additionally Sucuri posted a Critical Advisory regarding multiple WordPress plugin vulnerabilities:
Quote:
|
Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions
|
https://blog.sucuri.net/2015/04/secu...s-plugins.html
It is strongly recommended that all sites running WordPress update to Version 4.1.2 as soon as
possible as well as update any plugins that the Dashboard shows a newer version available for.
As always FutureQuest encourages anyone running any scripts, such as
WordPress, to ensure they maintain the most up to date version and install
any patches released to reduce the chances of a compromise of your site.
This also includes any plugins, addons and themes...
It is always best to subscribe to any Security or Update mailing list provided
by the Authors of the script(s) you are running.
The FutureQuest Team
Linear Mode
