Latest Updates
WordPress 4.2.2 Security and Maintenance Release
Posted by Frank -'- Support Team on 10 May 2015 04:27 PM

WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Version 4.2.2 addresses two security issues:

  • The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it.
  • WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue.

Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.

The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. WordPress 4.2.2 also contains fixes for 13 bugs from 4.2.

For more information, see the release notes or consult the list of changes.

Official link: https://wordpress.org/news/2015/05/wordpress-4-2-2/
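
The wp-content scan described in the 4.2.2 announcement above, as an added example that is not WordPress's own code: it reports leftover Genericons demo pages and, with `--remove`, deletes them. The file name `example.html` and the `<title>Genericons` content marker are assumptions not stated in the announcement, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit (and optionally remove) leftover Genericons demo pages.
# Assumptions: the demo page is named example.html and its <title> starts
# with "Genericons". Paths containing newlines are not supported.

# Print every example.html under $1 whose content identifies it as the
# Genericons demo page, one path per line. Unrelated files that merely
# share the name are skipped because the content marker is checked too.
find_genericons_examples() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # -type f skips symlinks; grep -l prints only the names of matching files.
    find "$root" -type f -name 'example.html' \
        -exec grep -l -i '<title>Genericons' {} + || true
}

# Delete every file reported by find_genericons_examples and log each path.
remove_genericons_examples() {
    root=$1
    find_genericons_examples "$root" | while IFS= read -r f; do
        rm -f -- "$f" && echo "removed: $f"
    done
}

# Usage: sh genericons_audit.sh /path/to/wp-content [--remove]
# Without --remove the script only reports what it finds.
if [ "$#" -ge 1 ]; then
    if [ "${2:-}" = "--remove" ]; then
        remove_genericons_examples "$1"
    else
        find_genericons_examples "$1"
    fi
fi
```

Run it in report mode first and review the paths before repeating with `--remove`.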

 


WordPress 4.1.2 Security Release
Posted by Chris -'- Support Team on 22 April 2015 10:36 AM

Hello,

An update for WordPress was just released to address various security vulnerabilities and we strongly encourage you to update WordPress to the latest version 4.1.2 as soon as possible.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This has been patched in the latest version, which also fixes the following security issues.

1. In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.

2. In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.

3. Some plugins were vulnerable to an SQL injection vulnerability.

For more details, visit the official link:
https://wordpress.org/news/2015/04/wordpress-4-1-2/




WP Super Cache Plugin Vulnerability
Posted by Frank -'- Support Team on 10 April 2015 09:51 AM

Hello,

An update for the WP Super Cache plugin was recently released to address a serious XSS security vulnerability. It is strongly recommended that you update this plugin to the latest version 1.4.4 as soon as possible. Always keep all themes/plugins updated to avoid intruder access to accounts.

More details at the official link:

https://wordpress.org/plugins/wp-super-cache/changelog/

 

--Frank


WordPress SEO Plugin - Security vulnerability
Posted by Frank -'- Support Team on 13 March 2015 03:26 PM

Hello,

A serious security vulnerability was found in older versions of "Yoast's WordPress SEO plugin". This vulnerability is fixed in the latest version 1.7.4. In order to protect your valuable data and websites from possible CSRF attacks and blind SQL injections from hackers, please update this plugin ASAP.

See the link below for more details.

https://wordpress.org/plugins/wordpress-seo/changelog/

 


GHOST: glibc vulnerability - a critical Linux security hole
Posted by Chris -'- Support Team on 28 January 2015 06:18 AM

Hello,

An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions. Besides Exim, other Linux components or apps that are potentially vulnerable to Ghost include MySQL servers, Secure Shell servers, form submission apps, and other types of mail servers.

More details at the following URLs:

http://www.zdnet.com/article/critical-linux-security-hole-found/
https://access.redhat.com/articles/1332213

Please submit a ticket if you need help.

 

