Wednesday, April 29, 2015

Wordpress - Zero Day Vulnerability Discovered

Most of the time, we have reported about WordPress vulnerabilities involving vulnerable plugins, but this time a Finnish security researcher has discovered a critical zero-day vulnerability in the core engine of the WordPress content management system.
I thought I'd post about this since the vulnerability is a bit unusual.  I also though it was a bit unusual that Wordpress reportedly ignored a previous vulnerability that the researcher reported to them.  Wordpress has a responsibility to it's users and for them to purposefully ignore such a discovery is wrong, in my opinion.

So, if you've Wordpress CMSs that you administer, I'd advise you to upgrade to v4.2.1 (I did a few days ago).

No comments: