Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Your WordPress site could be vulnerable to attack, update it right away

Mark Coppock
By

wordpress version released to fix six serious vulnerabilities wordpressheader
Shutterstock
We all have to deal with security patches and updates that try to keep our systems safe from the ever-increasing levels of cybercrime. If you’re a webmaster, then you have at least one more system than most other people that you need to keep up to date, specifically software that runs your website.

Most recently, one of the most popular web publishing systems around, WordPress, suffered some serious vulnerabilities and its developers published a new version to address them. Consider this a public service announcement — if you’re running WordPress, then you want to upgrade to version 4.7.3 immediately, WeLiveSecurity reports.

The six vulnerabilities that researchers identified are as follows:

  • Cross-site scripting (XSS) via media file metadata.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Fortunately, the researchers first privately let the WordPress team know of the vulnerabilities early, allowing the development and rollout of a fix before the vulnerabilities were publicly disclosed. That fix is available now for all self-hosted WordPress sites and if your site is set to automatically update, then you might already have received it.

If your site isn’t set to automatically update, then you’ll want to back it up first. If you have a staging site, then you will want to test there first to make sure nothing breaks when the update is applied. Then, just go to the WordPress admin panel, select Dashboard > Updates, and follow the instructions. While you’re at it, you can check to see if any of your WordPress plugins need updating and get them current as well. Plugin vulnerabilities can be just as damaging as those in the core WordPress system.

If you’re running a site on WordPress.com, which is administered by Automattic, then your site will already have been updated and these vulnerabilities, at least, will have been patched. If not, then your job of webmaster just got another important task that you will likely want to check off sooner rather than later.

Editors' Recommendations

MacBooks vs. Windows laptops: Here’s how to choose
The MacOS Monterey and Windows 11 about pages side by side
Nullmixer is a nasty, new Windows malware dropper
Windows shows a malware warning on a Dell laptop.
New malware can steal your credit card details — and it’s spreading fast
An individual surrounded by several computers typing on a laptop.
This new Windows 11 feature will help you protect your passwords
A man sits, using a laptop running the Windows 11 operating system.
Intel Arc A770 16GB vs. A770 8GB vs. Nvidia RTX 3060
The backs of the Arc A770 and Arc A750 graphics cards.
Intel Arc A750 vs. Nvidia RTX 3060
Intel Arc A770 GPU installed in a test bench.
Can I use an Intel Arc GPU with AMD Ryzen?
The Arc A770 graphics card running in a PC.
Intel Arc Alchemist: specs, pricing, release date, performance
Two intel Arc graphics cards on a pink background.
Microsoft Word Free Trial: Get a month of service for free
A person using MS Word.
NordVPN Free Trial: Try the service for free for a month
The best VPN for Mac is NordVPN.
CyberGhost Free Trial: Protect your browsing for free
The CyberGhost logo against a yellow background.
ExpressVPN Free Trial: Get a 30-day money-back guarantee
The ExpressVPN logo on a red background.
Arc GPU drivers are getting better, but Intel says it’s challenging
Intel head of Graphics Raja Koduri explains Arc driver troubles