
Your WordPress site could be vulnerable to attack, update it right away

We all have to deal with security patches and updates that try to keep our systems safe from the ever-increasing levels of cybercrime. If you’re a webmaster, then you have at least one more system than most other people to keep up to date: the software that runs your website.

Most recently, researchers found some serious vulnerabilities in WordPress, one of the most popular web publishing systems around, and its developers published a new version to address them. Consider this a public service announcement: if you’re running WordPress, then you want to upgrade to version 4.7.3 immediately, WeLiveSecurity reports.

The six vulnerabilities that researchers identified are as follows:

  • Cross-site scripting (XSS) via media file metadata.
  • Control characters can trick redirect URL validation.
  • Unintended files can be deleted by administrators using the plugin deletion functionality.
  • Cross-site scripting (XSS) via video URL in YouTube embeds.
  • Cross-site scripting (XSS) via taxonomy term names.
  • Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Fortunately, the researchers privately reported the vulnerabilities to the WordPress team, allowing the development and rollout of a fix before the vulnerabilities were publicly disclosed. That fix is available now for all self-hosted WordPress sites, and if your site is set to automatically update, then you might already have received it.

If your site isn’t set to automatically update, then you’ll want to back it up first. If you have a staging site, then you will want to test there first to make sure nothing breaks when the update is applied. Then, just go to the WordPress admin panel, select Dashboard > Updates, and follow the instructions. While you’re at it, you can check to see if any of your WordPress plugins need updating and get them current as well. Plugin vulnerabilities can be just as damaging as those in the core WordPress system.
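One way to confirm which self-hosted installs still need the update, before and after applying it (an added example, not part of the original article): the script reads `$wp_version` from each install's `wp-includes/version.php` and compares it with 4.7.3. The function names and the sample directory tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag self-hosted WordPress installs older than the fixed release.
FIXED_VERSION="4.7.3"   # version named in the article

# Extract $wp_version from a wp-includes/version.php file.
wp_version_of() {
    sed -n "s/^[\$]wp_version[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Succeed when dotted version $1 is strictly lower than $2 (numeric per field).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }' </dev/null
}

# Print "STATUS<TAB>version<TAB>install dir" for every install under $1.
audit_wordpress() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null | sort |
    while IFS= read -r file; do
        ver="$(wp_version_of "$file")"
        if [ -z "$ver" ]; then status="UNKNOWN"
        elif version_lt "$ver" "$FIXED_VERSION"; then status="OUTDATED"
        else status="OK"; fi
        printf '%s\t%s\t%s\n' "$status" "${ver:-?}" "${file%/wp-includes/version.php}"
    done
}

# Succeed only when nothing under $1 is OUTDATED or UNKNOWN.
all_patched() {
    ! audit_wordpress "$1" | grep -Eq '^(OUTDATED|UNKNOWN)'
}

# Constructed sample tree (two fake installs) so the script runs offline.
make_sample_tree() {
    d="$(mktemp -d)"
    mkdir -p "$d/blog/wp-includes" "$d/shop/wp-includes"
    printf "<?php\n\$wp_version = '4.7.2';\n" > "$d/blog/wp-includes/version.php"
    printf "<?php\n\$wp_version = '4.7.3';\n" > "$d/shop/wp-includes/version.php"
    printf '%s\n' "$d"
}

audit_wordpress "${1:-$(make_sample_tree)}"
```

Pass your web root as the first argument to audit real installs; `all_patched` can gate a deployment or monitoring check on the result.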

If you’re running a site on WordPress.com, which is administered by Automattic, then your site will already have been updated and these vulnerabilities, at least, will have been patched. If not, then your job of webmaster just got another important task that you will likely want to check off sooner rather than later.

Mark Coppock