Skip to main content

Your WordPress site could be vulnerable to attack, update it right away

We all have to deal with security patches and updates that try to keep our systems safe from the ever-increasing levels of cybercrime. If you’re a webmaster, then you have at least one more system than most other people that you need to keep up to date, specifically software that runs your website.

Most recently, one of the most popular web publishing systems around, WordPress, suffered some serious vulnerabilities and its developers published a new version to address them. Consider this a public service announcement — if you’re running WordPress, then you want to upgrade to version 4.7.3 immediately, WeLiveSecurity reports.

Recommended Videos

The six vulnerabilities that researchers identified are as follows:

  • Cross-site scripting (XSS) via media file metadata.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Fortunately, the researchers first privately let the WordPress team know of the vulnerabilities early, allowing the development and rollout of a fix before the vulnerabilities were publicly disclosed. That fix is available now for all self-hosted WordPress sites and if your site is set to automatically update, then you might already have received it.

If your site isn’t set to automatically update, then you’ll want to back it up first. If you have a staging site, then you will want to test there first to make sure nothing breaks when the update is applied. Then, just go to the WordPress admin panel, select Dashboard > Updates, and follow the instructions. While you’re at it, you can check to see if any of your WordPress plugins need updating and get them current as well. Plugin vulnerabilities can be just as damaging as those in the core WordPress system.

If you’re running a site on WordPress.com, which is administered by Automattic, then your site will already have been updated and these vulnerabilities, at least, will have been patched. If not, then your job of webmaster just got another important task that you will likely want to check off sooner rather than later.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Watch how NASA is using VR to prep for upcoming moon missions
NASA using VR for training.

NASA is aiming to put astronauts back on the lunar surface in the Artemis III mission, currently scheduled for 2027. While the date could slip, the space agency will continue with training and other preparation for the highly anticipated mission, so that when the day for launch does finally come, the crew will be ready.

NASA's Johnson Space Center in Houston, Texas, has just dropped a video (top) showing how it’s utilizing virtual reality (VR) technology to prepare astronauts for spacewalks -- also known as extravehicular activities (EVAs) -- on the moon’s surface. 

Read more
Plaud Note, the professional-tier AI notetaker, is 20% off for Prime Day
Four colleagues have a conversation around a Plaud Note AI notetaker.

Lately, as I've been working through stressful hospital visits with family, I've encountered something I haven't in quite awhile. As I hear doctors, nurses, and family say things, I'll be completely unable to remember them moments later. There's just too much going on all at once. Early in my career I encountered the same issue. There were just so many new facets of what I was doing entering my head all at once, from many sources, that it was impossible to keep track of it all. If only there were AI notetaking tools that have helped me through this. AI notetaking tools like Plaud Note and Plaud NotePin, which are both 20% off for Prime Day (from $159 to $127 for either device, saving you $32) and available by tapping the button below.

PLAUD Note Voice Recorder

Read more
Still shopping? Amazon Prime Day deals going strong into day 4
We're bringing you the best Prime Day deals throughout the sales period
Best Prime Day Gift Card Deals

It’s the fourth and final day of the longest ever Amazon Prime Day event, and if you thought the best deals were behind us, think again. Amazon’s stretching this year’s event across four full days (July 8 -11 ) which means price drops are still rolling in hot, with fresh discounts landing on everything from big-name tech to everyday essentials.

There have been stellar savings so far, with the AirPods Pro 2 heading down to $149 as the best saving we've seen.

Read more