WordPress Zero-Day vulnerability, is this the end of the world?

Business IT in London and the UK - WordPress zero hour

WordPress Zero-Day vulnerability, is this the end of the world?

No, but it’s very epic!

The latest news is that a Finland-based security firm has found a critical vulnerability in the core engine of the WordPress Content Management System (CMS).

What they have discovered is a Zero-Day flaw that could allow hackers to execute remote code on the webserver, taking over the CMS platform by simply adding comments on pages and posts.

Holy paska!

What has been discovered is that an XSS flaw (Cross-Site Scripting) is in WordPress’ comments system and affects WordPress Versions 3.9.3, 4.1.1, 4.1.2 and 4.2. and allows a hacker to inject a malicious JavaScript code into the comments section. What could happen next is hackers could change passwords, add new administrator users and pretty much take any other action that can only be approved by a legitimate administrator of the site.

An absolutely critical compromise, one that needs to be rectified quick smart.


Immediate protection

In order to fix the security hole, upgrade WordPress to version 4.2.1 which will resolve the cross-site scripting vulnerability.

If you are not able to upgrade your WordPress version due to customisations, it has been advised to turn off all commenting within WordPress settings, however, ideally an upgrade must be actioned.

For an in depth update and a video demonstration of the actual vulnerability visit: http://thehackernews.com/2015/04/WordPress-vulnerability.html

If you would like some help with your WordPress upgrade, please get in touch below.

Contact us about business IT in London and the UK

The following two tabs change content below.
David has held positions as Operations Director and Head of IT in legal and professional firms for more than 10 years. He is a Director and co-owner of Amazing Support, an Award Winning, Microsoft Silver & Cyber Essentials accredited specialist Managed IT Support and Cyber Security company. David actively helps SME businesses receive better Managed IT Support and Cyber Security Services in the London and Hertfordshire areas. He also assists overseas companies who are looking to expand their business operations into the UK and helps with their inward investment IT process. A member of The Chartered Institute for IT (BCS), UK Council for Child Internet Safety (UKCCIS) and an event speaker promoting business start-ups and technology awareness. David is also an Accredited Mediator. Married with a son, David enjoys driving his hybrid around Hertfordshire, participating in charity bike rides and is a keen Krav Maga practioner.