WordPress 4.0.1 update – important security fixes

All my blogs use WordPress.

Why WordPress ? Because it is customizable and I can tweak it in any way I want… Well, almost…

But from time to time there is the need to update it. Yesterday the update 4.0.1 was release which fixes important security bugs:

  • Three cross-site scripting issues that a contributor or author could use to compromise a site
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests.
  • An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address.

Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos.

My ISP can’t update it automatically, so I have to update it manually.

But it is not hard to do that and so far I managed to never break it. 🙂

Most important of all: make a backup !

Read here is how to update it!

 

Have fun!

 

PS: All my sites have 4.0.1 and are up to date!

 

 


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch