WordPress recently encouraged webmasters to update their CMS packages to avoid the problems found with newly discovered vulnerability exploits. The company put out a security advisory with the latest version of the content management system warning webmasters of the potential threat.
WordPress, 4.6.1 contains an update to patch a cross-site scripting vulnerability and a path traversal security flaw, both grave security threats. An attacker can utilize these exploits to perform a wide variety of malice-based actions. Potential problems can include stealing session tokens and determining login credentials.
However, the most dangerous problem faced with these security threats is the ability of an attacker to remotely execute malicious code. These problems came from the discovery for attackers to take advantage of a scripting vulnerability related to image filenames on a WordPress site to utilize malicious JavaScript code.
This problem was discovered by SumOfPwn researcher Cengiz Han. The path transversal vulnerability, discovered by WordPress itself, was attributed to the upgrade package uploader. These problems are no longer an issue with WordPress version 4.6.1, but any versions that haven’t been updated are still vulnerable to this attack method. It is recommended that if you have no upgrade the content management system within your website that you do so immediately. The longer webmasters wait, the longer the website is at risk.
The newest version of WordPress also patched 15 different bugs that users were experiencing. These bugs included server setup problems for email, image thumbnail behaviors and infinite loop errors with plugin installations. For information on bugs that were specifically fixed see the release notes and list of changes. If you are worried about the vulnerability of your website, please contact your webmaster. If the updates or content management are installed incorrectly, the site may become unusable! The webmaster should be able to identify the WordPress version currently being used and update it as necessary.
