January 04, 2012

WordPress releases update following security issue

WordPress has made available version 3.3.1 of its popular blogging software, which closes 15 vulnerabilities, including a cross-site scripting hole that was revealed Monday by two Indian security researchers. The bug, however, can only be exploited on iterations of WordPress being installed from an IP address, not a domain name, according to another researcher who attempted to reproduce the vulnerability. "These are the types of problems that keep software QA engineers awake a night," Chester Wisniewski, a senior security adviser at Sophos, said in a blog post. "Who would expect to need to create test cases for whether the initial install was done with an IP versus a name?"
Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.

WordPress tightens security with two-factor authentication

The new feature is immediately available for users and "secret" codes can be accessed via SMS or through the Google Authenticator app.

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.