Skip to main content

WordPress fixes huge security vulnerability, all users instructed to update

A serious zero-day vulnerability has been discovered in WordPress, and fixed as of its most recent stable release. All WordPress users are encouraged to make sure that they have updated their installation to version 4.7.2, as otherwise their site could be hijacked.

It’s thought that the exploit could give attackers the ability to modify the content on any post or page that’s part of a site built with WordPress, as per a report from Tripwire. Obviously, this lends itself to garden variety vandalism, but there’s also the threat of a much more troubling form of attack.

Recommended Videos

The vulnerability could be used to introduce harmful links into otherwise benign content. These links could take users to sites that install malicious software on their computers, or even be utilized as one element of a larger phishing scam, using the WordPress site as cover.

The problem was discovered by researchers at security firm Sucuri, which notified WordPress on January 20. The vulnerability was kept quiet at the time, because a fix had to be developed, and making the issue public could potentially have allowed malicious entities to take advantage.

Major WordPress hosting services and security companies were notified about the vulnerability ahead of its existence being disclosed to the public. Data from these organizations showed no indication that attackers had been able to exploit the issue.

However, now that the problem has been made public, it’s possible that criminal entities could use the vulnerability to target WordPress installations that aren’t up to date. Version 4.7.2 has been available since January 26, but users that don’t have automatic updates activated will need to initiate the process manually.

That means that if you have a WordPress site set up that you haven’t looked at in a while, it’s time to make sure it’s running version 4.7.2. It only takes a moment to check that you’re up to date — but if hackers manage to exploit this vulnerability on your site, you’re in for a much bigger headache.

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
No, a lifetime VPN subscription doesn’t mean ‘your’ lifetime
iPhone with VPN service enabled in hand over a blurred background

Folks who signed up for al lifetime subscription with VPN provider VPNSecure have been discovering the true definition of “lifetime” when it comes to such deals. And it’s not the one they'd hoped to hear.

After new owners took over the company, these particular customers recently had their lifetime subscriptions canceled. The new operator of VPNSecure told them that it didn’t know about the lifetime deals when they acquired the business, adding that it was unable to honor them.

Read more
SanDisk’s latest drive sets new benchmark for consumer NVMe SSDs
The SanDisk WD Black SN8100 PCIe Gen 5 SSD with and without heatsink variants

SanDisk has officially introduced the WD Black SN8100, its latest high-end PCIe Gen 5 NVMe SSD targeting PC enthusiasts, gamers, and professional users. With sequential read speeds of up to 14,900 MB/s and write speeds of 14,000 MB/s, the drive sets a new bar for consumer SSD performance, surpassing some of the best NVMe SSDs currently on the market, including the Crucial T705. 

The SN8100 uses a standard M.2 2280 form factor and is available in capacities of 1TB, 2TB, 4TB, and 8TB. It’s worth noting that the 1TB model offers lower write speeds, up to 11,000 MB/s, compared to the higher-capacity versions, which reach up to 14,000 MB/s. 

Read more
Pairing the RTX 5090 with a CPU from 2006? Nvidia said ‘hold my beer’
RTX 5090.

Nvidia's best graphics cards are often paired with expensive CPUs, but what if you want to try a completely mismatched, retro configuration? Well, that used to be impossible due to driver issues. But, for whatever reason, Nvidia has just removed the instruction that prevented you from doing so, opening the door to some fun, albeit nonsensical, CPU and GPU combinations.

The instruction in question is called POPCNT (Population Count), and this is a CPU instruction that also prevents Windows 11 from being installed on older hardware. Its job is counting how many bits are present in a binary number. However, as spotted by TheBobPony on X (Twitter), POPCNT will not be a problem for Nvidia's latest graphics cards anymore.

Read more