Incident Response, Network Security, Patch/Configuration Management, TDR, Threat Management, Vulnerability Management

WordPress update fixes XSS issues


Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.

The latest iteration, WordPress 4.6.1, rolled out on Wednesday to address two security issues: a cross-site scripting vulnerability via image filename, and a path traversal vulnerability in the upgrade package uploader, according to The update also patches 15 other bugs in the underlying CMS codebase.

The popularity of the site combined with its integration of a variety of third-party plugins has made it target for attackers in the past.

According to security researcher Graham Cluley, this latest update patches "bugs in the main WordPress content management system itself," which, he pointed out, could make nearly every site using the blogging platform vulnerable.

Users are urged to visit their WordPress admin panel and choose Dashboard/Updates/Update Now. Users can also choose to implement automatic security updates.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.