Your WordPress site could be vulnerable to attack, update it right away

We all have to deal with security patches and updates that try to keep our systems safe from ever-increasing levels of cybercrime. If you’re a webmaster, then you have at least one more system than most other people to keep up to date: the software that runs your website.

Most recently, one of the most popular web publishing systems around, WordPress, was found to have some serious vulnerabilities, and its developers published a new version to address them. Consider this a public service announcement: if you’re running WordPress, then you want to upgrade to version 4.7.3 immediately, WeLiveSecurity reports.

The six vulnerabilities that researchers identified are as follows:

  • Cross-site scripting (XSS) via media file metadata.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Fortunately, the researchers privately notified the WordPress team of the vulnerabilities early, allowing a fix to be developed and rolled out before the vulnerabilities were publicly disclosed. That fix is available now for all self-hosted WordPress sites, and if your site is set to update automatically, then you might already have received it.

If your site isn’t set to automatically update, then you’ll want to back it up first. If you have a staging site, then you will want to test there first to make sure nothing breaks when the update is applied. Then, just go to the WordPress admin panel, select Dashboard > Updates, and follow the instructions. While you’re at it, you can check to see if any of your WordPress plugins need updating and get them current as well. Plugin vulnerabilities can be just as damaging as those in the core WordPress system.
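If you look after several self-hosted sites, the following added example (not from the original article or from the WordPress project) walks a directory tree, reads the `$wp_version` value that WordPress core stores in `wp-includes/version.php`, and reports which installs are still below 4.7.3. The function names, the `vhosts/` layout and the sample versions are constructed for illustration; pre-release version strings are reported as `unknown` for manual review.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 7, 3)  # the release the article says to upgrade to

# WordPress core records its version in wp-includes/version.php as
#   $wp_version = '4.7.2';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)


def parse_version(text):
    """Return (major, minor, patch), or None if absent or not a plain release."""
    m = VERSION_RE.search(text)
    if not m or not re.fullmatch(r"\d+(\.\d+){0,2}", m.group(1)):
        return None  # missing, or a pre-release such as '4.8-beta1'
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(root):
    """Map each install under root to 'ok', 'update' or 'unknown'."""
    results = {}
    for vf in sorted(Path(root).rglob("wp-includes/version.php")):
        site = vf.parent.parent.relative_to(root).as_posix()
        version = parse_version(vf.read_text(errors="replace"))
        if version is None:
            results[site] = "unknown"  # review by hand
        else:
            results[site] = "ok" if version >= FIXED else "update"
    return results


def demo():
    """Run the audit over a constructed directory tree (sample data)."""
    samples = {"blog": "4.7.2", "shop": "4.7.3", "old": "4.7", "dev": "4.8-beta1"}
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in samples.items():
            inc = Path(tmp, "vhosts", site, "wp-includes")
            inc.mkdir(parents=True)
            inc.joinpath("version.php").write_text(
                "<?php\n$wp_version = '%s';\n" % ver)
        return audit(tmp)


if __name__ == "__main__":
    for site, status in demo().items():
        print(f"{status:8} {site}")
```

Call `audit()` with the directory that holds your sites in place of the constructed tree; it only reads files and changes nothing.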

If you’re running a site on WordPress.com, which is administered by Automattic, then your site will already have been updated and these vulnerabilities, at least, will have been patched. If not, then your job of webmaster just got another important task that you will likely want to check off sooner rather than later.

Mark Coppock