Your WordPress site could be vulnerable to attack, update it right away

We all have to deal with security patches and updates that try to keep our systems safe from the ever-increasing levels of cybercrime. If you’re a webmaster, then you have at least one more system than most other people that you need to keep up to date: the software that runs your website.

Most recently, one of the most popular web publishing systems around, WordPress, suffered some serious vulnerabilities and its developers published a new version to address them. Consider this a public service announcement — if you’re running WordPress, then you want to upgrade to version 4.7.3 immediately, WeLiveSecurity reports.

The six vulnerabilities that researchers identified are as follows:

  • Cross-site scripting (XSS) via media file metadata.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Fortunately, the researchers privately reported the vulnerabilities to the WordPress team early, allowing a fix to be developed and rolled out before the vulnerabilities were publicly disclosed. That fix is available now for all self-hosted WordPress sites, and if your site is set to automatically update, then you might already have received it.

If your site isn’t set to automatically update, then you’ll want to back it up first. If you have a staging site, then you will want to test there first to make sure nothing breaks when the update is applied. Then, just go to the WordPress admin panel, select Dashboard > Updates, and follow the instructions. While you’re at it, you can check to see if any of your WordPress plugins need updating and get them current as well. Plugin vulnerabilities can be just as damaging as those in the core WordPress system.
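For webmasters looking after several self-hosted sites, the following added example (not from the article or from the WordPress project) reads each install's `wp-includes/version.php` and flags any core version below 4.7.3. The scan root, the status labels and the decision to send pre-release builds to manual review are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (4, 7, 3)  # release the article says to upgrade to

# Core stores its version in wp-includes/version.php as: $wp_version = '4.7.2';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def classify(php_source):
    """Return (status, raw_version) for the text of a version.php file."""
    found = VERSION_RE.search(php_source)
    if not found:
        return "review", None                 # no version line: inspect by hand
    raw = found.group(1)
    split = re.match(r"(\d+(?:\.\d+)*)(.*)", raw)
    if not split:
        return "review", raw
    parts = [int(p) for p in split.group(1).split(".")][:3]
    version = tuple(parts + [0] * (3 - len(parts)))   # "4.7" -> (4, 7, 0)
    if version < FIXED:
        return "outdated", raw
    if split.group(2):                        # "-RC1", "-alpha-12345", ...
        return "review", raw                  # pre-release build, fix not assured
    return "ok", raw


def audit(root):
    """Map each WordPress install found under root to its (status, version)."""
    results = {}
    for version_file in sorted(Path(root).rglob("wp-includes/version.php")):
        site_dir = version_file.parent.parent
        text = version_file.read_text(encoding="utf-8", errors="replace")
        results[str(site_dir)] = classify(text)
    return results


if __name__ == "__main__":
    # Assumed usage: pass the directory that holds your sites, e.g. a web root.
    for site, (status, raw) in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{status:9} {raw or '?':16} {site}")
```

The check covers WordPress core only; plugin versions still need to be reviewed from Dashboard > Updates as described above.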

If you’re running a site on WordPress.com, which is administered by Automattic, then your site will already have been updated and these vulnerabilities, at least, will have been patched. If not, then your job of webmaster just got another important task that you will likely want to check off sooner rather than later.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…