The folks over at WordPress released a security and maintenance update for the self-hosted software recently. If you haven’t already updated your site, you should go make a backup of your site and update it as soon as you can.
The security fixes included in this release are:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts or reassigning the post’s authorship.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
- Multiple fixes for cross-site scripting.
- Avoid disclosing a full file path when an upload fails.
Read the official blog post from WordPress.org, check out the release notes, or consult the list of changes for more information.
Need help maintaining your site and keeping it up to date? We have packages to give you peace of mind.