Your WordPress site could be vulnerable to attack, update it right away

wordpress version released to fix six serious vulnerabilities wordpressheader
Shutterstock
We all have to deal with security patches and updates that try to keep our systems safe from the ever-increasing levels of cybercrime. If you’re a webmaster, then you have at least one more system than most other people that you need to keep up to date, specifically software that runs your website.

Most recently, one of the most popular web publishing systems around, WordPress, suffered some serious vulnerabilities and its developers published a new version to address them. Consider this a public service announcement — if you’re running WordPress, then you want to upgrade to version 4.7.3 immediately, WeLiveSecurity reports.

The six vulnerabilities that researchers identified are as follows:

  • Cross-site scripting (XSS) via media file metadata.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Fortunately, the researchers first privately let the WordPress team know of the vulnerabilities early, allowing the development and rollout of a fix before the vulnerabilities were publicly disclosed. That fix is available now for all self-hosted WordPress sites and if your site is set to automatically update, then you might already have received it.

If your site isn’t set to automatically update, then you’ll want to back it up first. If you have a staging site, then you will want to test there first to make sure nothing breaks when the update is applied. Then, just go to the WordPress admin panel, select Dashboard > Updates, and follow the instructions. While you’re at it, you can check to see if any of your WordPress plugins need updating and get them current as well. Plugin vulnerabilities can be just as damaging as those in the core WordPress system.

If you’re running a site on WordPress.com, which is administered by Automattic, then your site will already have been updated and these vulnerabilities, at least, will have been patched. If not, then your job of webmaster just got another important task that you will likely want to check off sooner rather than later.

Gaming

‘PlayerUnknown’s Battlegrounds’ parachutes onto PlayStation 4 on December 7

Following months of speculation, PUBG Corp. has announced that PUBG is coming to PS4 on December 7. The PS4 version includes all three maps and major features, and you can get some PlayStation-themed apparel items by pre-ordering.
Computing

Windows Update not working after October 2018 patch? Here’s how to fix it

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you, step by step.
Computing

Recover your beloved data with these great software tools

The best data recovery software isn't always free, but whether you've lost files on a hard drive, SD card, or even physical media like CDs and DVDs, there's a chance they'll be able to get that data back.
Computing

Will Chrome remain our favorite web browser with the arrival of newest version?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Computing

Style up your MacBook Air with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers and padded sleeves priced from $7 to $130. Happy shopping!
Computing

How to easily record your laptop screen with apps you already have

Learning how to record your computer screen shouldn't be a challenge. Lucky for you, our comprehensive guide lays out how to do so using a host of methods, including both free and premium utilities, in both MacOS and Windows 10.
Emerging Tech

Microsoft’s friendly new A.I wants to figure out what you want — before you ask

Move over Siri and Alexa! Microsoft wants to build a new type of virtual assistant that wants to be your friend. Already making waves in Asia, could this be the future of A.I. BFFs?
Gaming

Want to gift a Steam game so you can play with a friend? Here's how to do it

The holidays may have passed, but it's always a good time to give the gift of gaming (especially when there's a Steam sale)! Here's our quick guide on how to give a Steam game as a gift.
Computing

Multi-monitor issues? Here's how to resolve them

If you're running into multi-monitor problems, you're not alone. Two screens are very useful, but they can present some difficulties. Here are some common multi-monitor problems and how to fix them.
Computing

Capture screenshots with print screen and a few alternative methods

Capturing a screenshot of your desktop is easier than you might think, but it's the kind of thing you'll probably need to know. Here's how to perform the important function in just a few, easy steps.
Emerging Tech

Awesome Tech You Can’t Buy Yet: A.I. selfie drones, ‘invisible’ wireless chargers

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Deals

The best MacBook deals for November 2018

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.
Deals

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…
Computing

All the best deals on Surface products for Black Friday

A number of retailers are discounting Surface devices for Black Friday. Be it the Surface Pro 2017, Surface Pro 6, or the Surface Go, here's a look at how (and where) you can save big on Surface this holiday season.