News
WordPress 4.3.1 Security and Maintenance Release.
Posted by Frank J. -'- Ahosting.net Support Team on 16 September 2015 11:32 AM

WordPress 4.3.1 is now available.

This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress 4.3.1 addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). A separate cross-site scripting vulnerability was found in the user list table. Discovered by Ben Bidner of the WordPress security team. Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715).

WordPress 4.3.1 also fixes 26 bugs from 4.3.

Download WordPress 4.3.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.

For more information, see the release notes or consult the list of changes.

Official link : [ https://wordpress.org/news/2015/09/wordpress-4-3-1/ ]

 


WordPress 4.2.4 Security and Maintenance Release
Posted by Chris -'- Ahosting Support Team on 04 August 2015 04:25 PM

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.

 

 


WordPress 4.2.3 Security and Maintenance Release
Posted by Chris -'- Ahosting Support Team on 24 July 2015 09:42 AM

WordPress 4.2.3 is now available.
This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. The new version includes a comprehensive fix for this issue. It also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft.


WordPress 4.2.3 also contains fixes for 20 bugs from 4.2.

Download WordPress 4.2.3 or venture over to Dashboard → Updates and simply click “Update Now”. Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.

For more information, see the release notes or consult the list of changes.

Official Link : [ https://wordpress.org/news/2015/07/wordpress-4-2-3/ ]


WordPress 4.2.2 Security and Maintenance Release
Posted by Frank J. -'- Ahosting.net Support Team on 10 May 2015 04:32 PM

WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Version 4.2.2 addresses two security issues:

  • The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it.
  • WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue.

Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.

The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. WordPress 4.2.2 also contains fixes for 13 bugs from 4.2.

For more information, see the release notes or consult the list of changes.

Official Link : https://wordpress.org/news/2015/05/wordpress-4-2-2/

 


WordPress 4.1.2 Security Release
Posted by Frank J. -'- Ahosting.net Support Team on 22 April 2015 10:52 AM

Hello,

An update for WordPress was just released to address various security vulnerabilities and we strongly encourage you to update WordPress to the latest version 4.1.2 as soon as possible.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This has been patched in the latest version, which also fixes the following security issues.

1. In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.

2. In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.

3. Some plugins were vulnerable to an SQL injection vulnerability.

For more details, visit official Link:

https://wordpress.org/news/2015/04/wordpress-4-1-2/ 


WP Super Cache Plugin Vulnerability
Posted by Frank J. -'- Ahosting.net Support Team on 10 April 2015 09:47 AM

Hello,

An update for the WP Super Cache plugin was recently released to address a serious XSS security vulnerability. It is strongly recommended that you update this plugin to the latest version 1.4.4 as soon as possible. Always keep all themes/plugins updated to avoid intruder access to accounts.

More details on the official Link:

https://wordpress.org/plugins/wp-super-cache/changelog/

 

--Frank

