This morning WordPress issued a critical security release to fix a vulnerability that could’ve compromised the security of millions of websites.

The good news it that this update has been completed for your website as part of your WordPress Maintenance Plan.

Cross-site scripting, or XSS, is a vulnerability in the code of Web applications that opens up the target (i.e. website) to attacks, and it’s one of the most common conduits used by hackers.

With these vulnerabilities in the code, hackers are able to embed malicious HTML, Flash, JavaScript, and other code to “fool” the user into executing a script on their computer. This can lead to the collection of user data, including cookies stored on the machine.

 

Issue: WordPress has released an update (4.2.3). This is a critical update
Status: Update has been released and all client websites have been updated to latest version.
Who is impacted? Websites running anything less than 4.2.3.

 

If you are not on a TWS Maintenance Plan you can still update WordPress, all you need to do is just go to the main WordPress “Dashboard”, then “Updates” and click “Update Now.” And you are done. However, it would be wise to make sure you have a back up in place prior to updating. As always, if there are any issues you cannot resolve after the update we are happy to help you get back on track.

Share This