On January 16, 2017 WordPress released version 4.9.2, which included several security updates, as well as bug fixes for all versions after WordPress 3.7. WordPress has reported that a cross-site scripting (XSS) vulnerability was found in a group of files used to play Flash videos, which was included with all WordPress versions after 3.7. However, because most browsers no longer require these files to play video content, upgrading to version 4.9.2 removes these files. Due to the nature of XSS vulnerabilities, it is highly recommended that WordPress users update their websites immediately to avoid possible compromise.
WordPress notes the following bug fixes and features in particular:
SMART PLUS, SiteLock INFINITY, and Patchman users are protected from this security issue, as SMART/PATCH and the Patchman libraries have been updated with secure patches that protect plugins and themes reliant on their current versions. It is still advised that website owners plan full version upgrades as soon as possible to take advantage of the new features and full list of bug fixes in WordPress version 4.9.2.
For more information about how SiteLock can help protect your websites from vulnerabilities and malware, contact us at 855.378.6200. We are available 24/7/365 to help!
We recently discussed a particularly sneaky piece of malware that’s been disguising itself as fake plugin and targeting Joomla! users. While this phenomenon is not unique to the Joomla! content management system, SiteLock has discovered a recent trending fake plugin for WordPress, one of the world’s largest open source applications.
Giving back to the communities in which we live and work is something we are extremely passionate about, especially when the cause supports local schools. In an effort to help enhance the quality of education in the Phoenix, Arizona and Jacksonville, Florida areas, we are excited to announce the SiteLock Digital Kids Fund and our new partnership with DonorsChoose.org.
© Copyright 2018, SiteLock LLC.