Network Security, Vulnerability Management

WordPress 4.2.4 released, includes fixes for a variety of flaws

WordPress released a security update, WordPress 4.2.4, on Tuesday that addresses six security vulnerabilities, four of which can be exploited by an attacker to compromise a website. 

Among the four bugs that can lead to a website compromise are a SQL injection vulnerability and three cross-site scripting (XSS) flaws, a Tuesday release indicated.

In an advisory, security firm Check Point deemed the SQL injection vulnerability - CVE-2015-2213 - critical in severity, and noted, “Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.” 

The update also fixes a bug that allowed an attacker to lock a post from being edited, as well as a flaw that could enable a potential timing side-channel attack. Additionally, the update addresses four bugs in WordPress 4.2.3.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.