Skip to content
logologologo
  • HOME
  • WHAT WE DO
  • SOLUTIONS
    • Marketing & Advertising
      • ARTIFICIAL INTELLIGENCE (AI)
      • SEARCH ENGINE OPTIMIZATION
      • SOCIAL MEDIA MARKETING
      • PAY-PER-CLICK ADVERTISING
      • LOCAL BUSINESS MARKETING
      • MARKETING AUTOMATION
      • LEAD GENERATION
      • EMAIL MARKETING
    • Design & Production
      • WEBSITE DESIGN
      • GRAPHIC DESIGN
      • MOTION GRAPHICS & VIDEO POST
      • CORPORATE IDENTITY PACKAGE
    • Business Solutions
      • MANAGED HOSTING SERVICES
      • PRINTING SOLUTIONS
      • IT SOLUTIONS: Security, Business, Continuity, and Help Desk
  • Our Work
  • Adweblog
  • Retainer
  • Contacts
  • AdwebDeals
  • HOME
  • WHAT WE DO
  • SOLUTIONS
    • Marketing & Advertising
      • ARTIFICIAL INTELLIGENCE (AI)
      • SEARCH ENGINE OPTIMIZATION
      • SOCIAL MEDIA MARKETING
      • PAY-PER-CLICK ADVERTISING
      • LOCAL BUSINESS MARKETING
      • MARKETING AUTOMATION
      • LEAD GENERATION
      • EMAIL MARKETING
    • Design & Production
      • WEBSITE DESIGN
      • GRAPHIC DESIGN
      • MOTION GRAPHICS & VIDEO POST
      • CORPORATE IDENTITY PACKAGE
    • Business Solutions
      • MANAGED HOSTING SERVICES
      • PRINTING SOLUTIONS
      • IT SOLUTIONS: Security, Business, Continuity, and Help Desk
  • Our Work
  • Adweblog
  • Retainer
  • Contacts
  • AdwebDeals
  • HOME
  • WHAT WE DO
  • SOLUTIONS
    • Marketing & Advertising
      • ARTIFICIAL INTELLIGENCE (AI)
      • SEARCH ENGINE OPTIMIZATION
      • SOCIAL MEDIA MARKETING
      • PAY-PER-CLICK ADVERTISING
      • LOCAL BUSINESS MARKETING
      • MARKETING AUTOMATION
      • LEAD GENERATION
      • EMAIL MARKETING
    • Design & Production
      • WEBSITE DESIGN
      • GRAPHIC DESIGN
      • MOTION GRAPHICS & VIDEO POST
      • CORPORATE IDENTITY PACKAGE
    • Business Solutions
      • MANAGED HOSTING SERVICES
      • PRINTING SOLUTIONS
      • IT SOLUTIONS: Security, Business, Continuity, and Help Desk
  • Our Work
  • Adweblog
  • Retainer
  • Contacts
  • AdwebDeals
Updates
adweb.admin
0
0
February 2, 2016

WordPress 4.4.2 Security Release – Why you need to update immediately

WordPress 4.4.2 Security Release – Why you need to update immediately

WordPress UpdatesThis entry was posted in WordPress Security on February 2, 2016

It’s been a busy morning in WordPress security. Right after we released details of the attack platform we recently analyzed, WordPress released a security update in the form of 4.4.2.

According to the WordPress blog this release resolves a cross site scripting (XSS) vulnerability and an open redirection vulnerability.

We reported a server side request forgery vulnerability to the WordPress security team last year in March. We have confirmed that this release also fixes that vulnerability although it’s not mentioned in the release notes.

The details of the two fixes according to the WordPress blog are:

  • A cross site scripting vulnerability for “certain local URI’s” was resolved. This kind of vulnerability allows an attacker to embed malicious code into site content which is then loaded by site members or administrators and which executes with their privileges. [More on XSS vulnerabilities here]
  • An open redirection attack was resolved. This lets an attacker send a user to a WordPress site using a URL that contains a parameter that redirects them to another site. It’s a useful way of performing phishing attacks whereby an attacker sends a victim to a malicious site by disguising the link as a non-malicious site or a known site.
  • The release also fixes 17 non-vulnerability related bugs.

WordPress and the researchers involved have not released details of the vulnerability or a proof of concept. However we expect a proof of concept exploit for these vulnerabilities to appear in the wild within 24 hours. This expectation is based on the fact that within 24 hours of the previous release on January 6th (release 4.4.1), someone had posted a proof of concept exploit to twitter, as we mentioned on this blog last month.

Because we expect an exploit to appear in the wild so soon, we recommend an immediate upgrade to WordPress 4.4.2. The announcement from WordPress for 4.4.2 is available here.

This post was written by WordFence and can be found in it’s original context on the WordFence Blog.

Share

Post navigation

Prev
Next

Related Posts

Updates

WordPress 4.4.2 Security Release – Why you need to update immediately

WordPress 4.4.2 Security Release – Why you need to update immediately This entry was posted in...
adweb.admin
0
0
Updates

WordPress Update 2 Hours Ago

WordPress Update 2 Hours Ago If your site is hosted with us and you are using WordPress this is an...
adweb.admin
0
0

Archives

  • December 2024
  • November 2024
  • March 2024
  • February 2024
  • October 2023
  • September 2023
  • August 2023
  • May 2023
  • April 2023
  • December 2022
  • November 2022
  • August 2022
  • July 2022
  • June 2022
  • June 2020
  • August 2019
  • February 2018
  • December 2017
  • November 2017
  • March 2017
  • January 2017
  • October 2016
  • September 2016
  • August 2016
  • March 2016
  • February 2016
  • October 2015
  • June 2015
  • February 2015
  • January 2015
  • September 2014
  • April 2014
  • January 2014
  • November 2013
  • September 2013
  • July 2013
  • June 2013
  • November 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • October 2011

Categories

  • Advanced SEO Techniques
  • Artificial Intelligence
  • Brand development
  • Business advice
  • Case Studies
  • Creative
  • Design
  • Development
  • Helpdesk
  • Helpful Sales & Marketing
  • IOS
  • Life
  • Marketing
  • News
  • Online marketing
  • Print Proofs
  • Python
  • Security
  • SEO
  • Services
  • Small Business Resources
  • Social Networking
  • Training
  • UI/UX
  • Uncategorized
  • Updates
  • Web Design
  • Web Design Houston
  • Website Design Friendswood
  • Website Design Katy Texas
  • Website Design Pearland TX
  • Website Hosting
  • WordPress

I’m a professional web blogger and photographer. I run my blog for seven years. I am skilled at making complex ideas and concepts simple and easy to understand for readers.

FacebookTwitterGoogle

Categories

  • Advanced SEO Techniques (5)
  • Artificial Intelligence (2)
  • Brand development (2)
  • Business advice (10)
  • Case Studies (5)
  • Creative (3)
  • Design (2)
  • Development (1)
  • Helpdesk (5)
  • Helpful Sales & Marketing (22)
  • IOS (2)
  • Life (2)
  • Marketing (4)
  • News (4)
  • Online marketing (5)
  • Print Proofs (2)
  • Python (8)
  • Security (3)
  • SEO (11)
  • Services (2)
  • Small Business Resources (1)
  • Social Networking (1)
  • Training (12)
  • UI/UX (2)
  • Uncategorized (33)
  • Updates (2)
  • Web Design (1)
  • Web Design Houston (4)
  • Website Design Friendswood (4)
  • Website Design Katy Texas (1)
  • Website Design Pearland TX (2)
  • Website Hosting (1)
  • WordPress (1)

Tags

Adwebvertising Houston Texas algorithms anchor text Article back-links branding Building Content content Content Development Houston Texas Content Development Pearland corporate messaging Creative credibility Dancing With Penguins emphasis evolution flat Get on top of search engines Google Algorithm Google Dance Google Penguin Update graphic design Hire a webmaster keywords linking strategy links loyalty Module New York persuasion search directory Search Engine Optimization Houston seo strategy text traffic web development Friendsowo Web Development Pearland Web Services Website Designer Houston Texas Website Design Friendswood Website Design Houston Texas Website Design Pearland Website Development Houston Texas Websites Pearland Wordpress 4.7.3 Security Release
February 2016
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
29  
« Oct   Mar »

Instagram

This error message is only visible to WordPress admins

Error: No feed found.

Please go to the Instagram Feed settings page to create a feed.

Content Collection Form    |    Needs Assessment

Copyright © Adwebvertising 2023. Another Brilliant Design by Adwebvertising.