All websites running WordPress are strongly advised to update to the latest version immediately. The new version, WordPress 4.8.3, was released after a severe vulnerability was found in the earlier version.

In Capsule:

  1. WordPress 4.8.3 was released by the company after a severe vulnerability was discovered.
  2. An SQL injection vulnerability was discovered in the previous version.
  3. Anthony Ferrara discovered the vulnerability and reported it to WordPress.
  4. Users can download the latest version from the website or update through the "Update Now" option available in the dashboard of the admin console.


“WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability,” WordPress said in the post announcing the release.

Anthony Ferrara, who discovered the vulnerability, said that he reported it to the team the day after 4.8.2 was released and was ignored for weeks. When the team finally took notice, they wanted to fix only a subset of the issue he had reported.

He also said that “it became clear to me that releasing a partial fix was worse than no fix (for many reasons). So I decided the only way to make the team realize the full extent was a full disclosure of the issue. I started the process of going public by asking for Hosts and Plugin Developers to reach out to me so that we could coordinate the release.”

The core issue is now mitigated. Ferrara said he was frustrated and unhappy with the team's reaction at first, but that things got far better towards the end.

“Security reports should be treated “promptly,” but that doesn’t mean every second counts (usually). I get that there are competing priorities. But show attention. Show that you’ve read what’s written. And if someone tells you it seems like you don’t understand something, stop and get clarification. And ask for help.”

All websites running WordPress are requested to update immediately, either by downloading the latest version from the WordPress website or by using the ‘Update Now’ option in the dashboard of the admin console. WordPress sites that support automatic background updates will install the update automatically.
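One way to find installs on a server that are still below 4.8.3, as an added example that is not part of the original article: the script reads `$wp_version` from each `wp-includes/version.php` under a directory and compares it with the 4.8.3 threshold given above. The function names and the sample directory tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 8, 3)  # first release with the $wpdb->prepare() hardening, per the article
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_version(text):
    """Return the core version as a 3-tuple of ints, or None if it cannot be read."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # Keep only the leading numeric part: '4.9-beta2' -> (4, 9, 0), '4.8' -> (4, 8, 0)
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(root):
    """Map each install under root to 'needs-update', 'ok' or 'unknown'."""
    results = {}
    for vf in sorted(Path(root).rglob("version.php")):
        if vf.parent.name != "wp-includes":
            continue  # some other file that happens to be called version.php
        site = vf.parent.parent
        ver = parse_version(vf.read_text(errors="replace"))
        if ver is None:
            status = "unknown"  # file present but version line missing or edited
        else:
            status = "needs-update" if ver < FIXED else "ok"
        results[str(site.relative_to(root))] = status
    return results

def build_sample(root):
    """Constructed sample tree: four fake installs with different version.php contents."""
    samples = {"shop": "$wp_version = '4.8.2';", "blog": "$wp_version = '4.8.3';",
               "old": "$wp_version = '4.7';", "odd": "// version line stripped"}
    for name, line in samples.items():
        d = Path(root) / name / "wp-includes"
        d.mkdir(parents=True)
        (d / "version.php").write_text("<?php\n" + line + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for site, status in audit(tmp).items():
            print(f"{site}: {status}")
```

An "unknown" result means the version file exists but could not be parsed, so that install should be checked by hand.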
About the Author
Ashique is a self-motivated and passionate security analyst with good knowledge of computer networking, security analysis, vulnerability assessment and penetration testing.