Skip to main content

WordPress fixes huge security vulnerability, all users instructed to update

wordpress vulnerability version 472 plug in
INBJ / 123RF
A serious zero-day vulnerability has been discovered in WordPress, and fixed as of its most recent stable release. All WordPress users are encouraged to make sure that they have updated their installation to version 4.7.2, as otherwise their site could be hijacked.

It’s thought that the exploit could give attackers the ability to modify the content on any post or page that’s part of a site built with WordPress, as per a report from Tripwire. Obviously, this lends itself to garden variety vandalism, but there’s also the threat of a much more troubling form of attack.

The vulnerability could be used to introduce harmful links into otherwise benign content. These links could take users to sites that install malicious software on their computers, or even be utilized as one element of a larger phishing scam, using the WordPress site as cover.

The problem was discovered by researchers at security firm Sucuri, which notified WordPress on January 20. The vulnerability was kept quiet at the time, because a fix had to be developed, and making the issue public could potentially have allowed malicious entities to take advantage.

Major WordPress hosting services and security companies were notified about the vulnerability ahead of its existence being disclosed to the public. Data from these organizations showed no indication that attackers had been able to exploit the issue.

However, now that the problem has been made public, it’s possible that criminal entities could use the vulnerability to target WordPress installations that aren’t up to date. Version 4.7.2 has been available since January 26, but users that don’t have automatic updates activated will need to initiate the process manually.

That means that if you have a WordPress site set up that you haven’t looked at in a while, it’s time to make sure it’s running version 4.7.2. It only takes a moment to check that you’re up to date — but if hackers manage to exploit this vulnerability on your site, you’re in for a much bigger headache.

Editors' Recommendations

Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
What is an RSS feed? Here’s why you should still use one
A person using a HP ENVY x360 2-in-1 15.6-inch Touch-Screen Laptop sitting on a bed.

With so much new content on the web added daily, it can be tough to keep up with what's happening online. People try several different ways, including visiting specific websites every day, doing Google searches, or relying on social media to keep them informed. One solution that sometimes gets overlooked is an old-school one: The RSS feed.

What is an RSS feed? It's a technology that has influenced many modern internet tools you're familiar with, and its streamlined, algorithm-free format could make it your next great tool for reading what you want online.
What is RSS?

Read more
Best laptop deals: Save on HP, Lenovo, Dell and Apple
Asus ROG Zephyrus M16 playing Cyberpunk 2077.

Buying a new laptop can be very daunting, especially with how saturated the market is with dozens of options from nearly a dozen brands and various configurations of each of those laptops. Even worse is trying to navigate the maze of available laptop deals across various retailers, and for those who don't want to do all that legwork, you're in luck! We've used our experience to collect the best deals in various categories to ensure you get the best bang for your buck. All you need to do is have a general sense of what specs or brand you want, and we'll likely have a deal for it listed below.

Best Laptop Deals

Read more
M2 MacBook Air vs. M1 MacBook Air: things have changed
A man holds the new Macbook Air (2022) in his hands.

The Apple MacBook Air M1 has been among our favorite MacBooks for some time now, and it's even held a place on our list of the best laptops overall. The new MacBook Air M2 is a significant redesign, bringing with it a new chassis and Apple's latest M2 processor.

Sometimes, it's easy to recommend the new model over the old one, especially when the new model brings significant improvements. The M2 MacBook Air qualifies, as it feels a lot more like a completely new model than a simple replacement of the old one. While Apple continues to sell the original M1 MacBook Air at a lower price, the M2 MacBook Air can often be had for only a little more money. That makes the choice between them a lot easier.
Specs
 

Read more