
Your WordPress site could be vulnerable to attack, update it right away

We all have to deal with security patches and updates that try to keep our systems safe from the ever-increasing levels of cybercrime. If you’re a webmaster, then you have at least one more system than most other people that you need to keep up to date, specifically the software that runs your website.

Most recently, one of the most popular web publishing systems around, WordPress, suffered some serious vulnerabilities and its developers published a new version to address them. Consider this a public service announcement — if you’re running WordPress, then you want to upgrade to version 4.7.3 immediately, WeLiveSecurity reports.

The six vulnerabilities that researchers identified are as follows:

  • Cross-site scripting (XSS) via media file metadata.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Fortunately, the researchers privately notified the WordPress team of the vulnerabilities early, allowing the development and rollout of a fix before the vulnerabilities were publicly disclosed. That fix is available now for all self-hosted WordPress sites, and if your site is set to automatically update, then you might already have received it.

If your site isn’t set to automatically update, then you’ll want to back it up first. If you have a staging site, then you will want to test there first to make sure nothing breaks when the update is applied. Then, just go to the WordPress admin panel, select Dashboard > Updates, and follow the instructions. While you’re at it, you can check to see if any of your WordPress plugins need updating and get them current as well. Plugin vulnerabilities can be just as damaging as those in the core WordPress system.

If you’re running a site on WordPress.com, which is administered by Automattic, then your site will already have been updated and these vulnerabilities, at least, will have been patched. If not, then your job of webmaster just got another important task that you will likely want to check off sooner rather than later.
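
A check for the self-hosted case described above, as an added example that is not part of the original article: it reads each site's `wp-includes/version.php` and reports installs older than 4.7.3. The site root paths passed as arguments and the `make_demo_site` fixture helper are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the article): flag WordPress installs older than 4.7.3.
FIXED_VERSION="4.7.3"   # fixed release named in the article

# Read $wp_version from <root>/wp-includes/version.php. The pattern is anchored
# so the "@global string $wp_version" doc comment in that file does not match.
wp_installed_version() {
    sed -n "s/^[[:space:]]*[\$]wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Succeed when version $1 is older than $2. Components compare numerically
# (4.10 is newer than 4.7.3); a pre-release such as 4.7.3-RC1 counts as older.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        pre = (a ~ /-/); sub(/-.*/, "", a); sub(/-.*/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit (pre ? 0 : 1)
    }'
}

# Print a verdict for one site root; returns 0 = OK, 1 = outdated, 2 = unknown.
check_site() {
    ver=$(wp_installed_version "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN  $1 (no readable wp-includes/version.php)"; return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "OUTDATED $1 is $ver, update to $FIXED_VERSION or later"; return 1
    fi
    echo "OK       $1 is $ver"
}

# Constructed fixture for trying the script offline (hypothetical helper).
make_demo_site() {
    mkdir -p "$1/wp-includes"
    printf '%s\n' '<?php' '/**' ' * @global string $wp_version' ' */' \
        "\$wp_version = '$2';" > "$1/wp-includes/version.php"
}

# Usage: sh check_wp.sh /var/www/site1 /var/www/site2   (paths are examples)
for root in "$@"; do check_site "$root" || true; done
```

Run it from a shell on the web server with one or more site roots as arguments; it only reads files and changes nothing.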

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…