Elevate your enterprise data technology and strategy at Transform 2021.


Ubiquitous blogging service WordPress has issued a critical security release to fix a vulnerability that could’ve compromised the security of millions of websites.

“WordPress versions 4.2.2 and earlier are affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site,” explained WordPresser Gary Pendergast in a blog post.

Cross-site scripting, or XSS, is a vulnerability in the code of Web applications that opens up the target (i.e. website) to attacks, and it’s one of the most common conduits used by hackers.

With these vulnerabilities in the code, hackers are able to embed malicious HTML, Flash, JavaScript, and other code to “fool” the user into executing a script on their computer. This can lead to the collection of user data, including cookies stored on the machine.

The good news is, a WordPress user reported the vulnerability privately, allowing the community to fix the issue without it becoming public knowledge. However, the fix does require users to upgrade to version 4.2.3, which is easy enough to do from within the main WordPress dashboard.

WordPress has also taken this opportunity to introduce a handful of other bug fixes.

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member