Jade Cadelina

A Sydney based Professional and Solutions Architect of Internet Websites and Corporate Intranets.

WordPress 4.2.1 critical security release is now available

May 4, 2015 by Jade CADELINA

Download WordPress 4.2.1, a critical security release. WordPress 4.2.1 fixes a critical cross-site scripting (XSS) vulnerability that could enable commenters to compromise a site.
This is a critical security release for all previous versions, and WordPress strongly encourages everyone running WordPress to update their sites immediately.

Vulnerability

The vulnerability was discovered by Jouko Pynnönen.
An overview from Jouko’s website:

Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed.

If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.

Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.

Solution

  1. To prevent exploitation until the update is applied, administrators should disable comments (Dashboard, Settings/Discussion, and select the most restrictive options available). Do not approve any comments.
  2. Download WordPress 4.2.1
  3. Go to your Dashboard → Updates and simply click “Update Now”.
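As an added example, not code from the original post or from WordPress itself, here is a small Python check an administrator can run against a WordPress install directory: it reads $wp_version from wp-includes/version.php and reports whether the install is older than 4.2.1. The sample version.php content embedded below is constructed for offline use, and pre-release strings such as 4.2.1-RC1 are treated as unpatched.

```python
import re
from pathlib import Path

# The release the post tells administrators to install (WordPress 4.2.1).
FIXED_VERSION = "4.2.1"

# Matches the assignment WordPress core keeps in wp-includes/version.php.
VERSION_RE = re.compile(r"^\s*\$wp_version\s*=\s*'([^']+)'\s*;", re.MULTILINE)

# Constructed sample of that file, so the check can be exercised offline.
SAMPLE_VERSION_PHP = "<?php\n/**\n * The WordPress version string\n */\n$wp_version = '4.2';\n"


def parse_version(php_source):
    """Return the $wp_version string found in the contents of version.php."""
    match = VERSION_RE.search(php_source)
    if match is None:
        raise ValueError("no $wp_version assignment found")
    return match.group(1)


def version_key(version):
    """Comparable key for a WordPress version string.

    '4.2' pads to (4, 2, 0); a pre-release suffix such as '4.2.1-RC1' sorts
    below the final '4.2.1', so a release candidate still counts as unpatched.
    """
    core, _, suffix = version.partition("-")
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3]) + (0 if suffix else 1,)


def needs_update(version, fixed=FIXED_VERSION):
    """True when the installed version predates the release carrying the fix."""
    return version_key(version) < version_key(fixed)


def check_install(wp_root):
    """Read wp-includes/version.php under wp_root; return (version, needs_update)."""
    text = Path(wp_root, "wp-includes", "version.php").read_text(encoding="utf-8")
    installed = parse_version(text)
    return installed, needs_update(installed)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        installed, outdated = check_install(sys.argv[1])
    else:
        installed = parse_version(SAMPLE_VERSION_PHP)
        outdated = needs_update(installed)
    print(f"installed {installed}: {'UPDATE to ' + FIXED_VERSION if outdated else 'patched'}")
```

Run it as `python check_wp.py /var/www/html` against a real install, or with no argument to see the result for the constructed sample.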

Sources: WordPress 4.2.1, Jouko Pynnönen

Filed Under: Technology, Web CMS
