Another round of updates was released today because of a Genericons security flaw in WordPress themes and plugins. WordPress was updated to version 4.2.2 to help deal with this issue proactively instead of waiting for theme and plugin authors to update their products.
So What’s A “Genericons”?
Genericons is an icon font package used in quite a few plugins and themes built for WordPress. The package includes an HTML file that is not needed, and that file contains a cross-site scripting (XSS) vulnerability. This is the same type of flaw that was discovered a week or so ago and patched in a number of plugins and even WordPress itself.
What Do I Need To Do?
If you are in my Website Management Program, you need to do nothing. All updates have been applied.
Otherwise, you need to log in to your WordPress site and apply any updates ASAP. Applying the WP 4.2.2 patch is especially important as it will search for and remove the flawed HTML file during the install process. This helps to alleviate the problem even if the author of a particular plugin or theme hasn’t gotten a fix posted yet.
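To confirm that no copy of the unneeded HTML file is left behind, for example in a theme or plugin that is installed but inactive, you can audit the site's files yourself. The script below is an added example, not WordPress's own cleanup code. It assumes the icon font sits in a directory whose name contains "genericons" and that the site root holds a `wp-content` directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for HTML files bundled inside an
# icon-font directory. An icon font needs only font and CSS files, so any
# HTML file found there is a candidate for review.
# Assumptions (not from the post): the package directory name contains
# "genericons", and the site root has a wp-content/ directory.
# Uses find's -ipath/-iname (GNU and BSD find).

# Print every .html/.htm file that lives under a *genericons* directory.
find_genericons_html() {
    root=$1
    [ -d "$root/wp-content" ] || { echo "no wp-content under $root" >&2; return 2; }
    find "$root/wp-content" -type f \( -iname '*.html' -o -iname '*.htm' \) \
        -ipath '*genericons*/*' -print | sort
}

# Move findings out of the web root into a quarantine directory, keeping
# their relative paths so they can be inspected or restored later.
# Dry run by default; pass "apply" as the third argument to move files.
quarantine_genericons_html() {
    root=$1
    dest=$2
    mode=${3:-dry-run}
    find_genericons_html "$root" | while IFS= read -r f; do
        rel=${f#"$root"/}
        if [ "$mode" = apply ]; then
            mkdir -p "$dest/$(dirname "$rel")" && mv -- "$f" "$dest/$rel"
            echo "moved: $rel"
        else
            echo "would move: $rel"
        fi
    done
}
```

Run `quarantine_genericons_html /path/to/site /path/outside/webroot` first to review the dry-run list, then repeat with `apply` as the third argument.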
What Plugins or Themes Are Affected?
The two most prominent are the Jetpack plugin produced by WordPress and the Twenty Fifteen theme, the latest default WP theme included with the WordPress software package. There are literally millions of installs of these two products, so it is critical that everyone update them now.
Why Was WordPress Patched?
In addition to the proactive scan mentioned earlier, a comprehensive fix was put in place for the XSS vulnerability that exists in WP 4.2 and earlier versions. An additional fix for a potential XSS flaw in the Visual Editor was also implemented.
Kudos to the WordPress development team for getting these issues addressed and released quickly.
Keep those updates current, folks!
Laptop image courtesy of Stuart Miles on FreeDigitalPhotos.net