Well, that was quick! In my last post, I mentioned that WP 4.2 had been released and that we would wait for the first patch to update from 4.1. A WordPress 4.2.1 security patch was released today to fix a potential security flaw in the commenting function of WordPress 4.2. While I don’t really feel that 4.2 has been adequately shaken out in the real world, I am applying this patch to all my client sites due to the nature of the fix.
What’s The Problem?
This type of security flaw is called a “cross-site scripting” vulnerability, also known as an XSS vulnerability. It allows someone external to the site to craft a URL that can inject malware into the site, bypass logins, etc. Full technical details can be found on Wikipedia:
What Do I Do About It?
Update your WordPress installation to v4.2.1 immediately. The vulnerability has been patched and you need to be on the latest version of WP to be secure. If you have automatic updates turned on, your site will automatically update to 4.2.1 within the next 24 hours. You can always do it yourself via the WP dashboard if you’d rather not wait for the automatic update to happen.
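If you look after several installs, the check above can be scripted. This is an added example, not code from this post or from WordPress: it reads `$wp_version` from `wp-includes/version.php`, compares it with 4.2.1, and looks in `wp-config.php` for the `AUTOMATIC_UPDATER_DISABLED` and `WP_AUTO_UPDATE_CORE` constants. The function names, status labels and sample sites are made up for illustration, and it assumes `wp-config.php` sits in the site root.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (4, 2, 1)  # the release the post says to update to
# wp-includes/version.php sets the core version, e.g. $wp_version = '4.2';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)
# wp-config.php constants that stop core updating itself (// lines don't match)
NO_AUTO_RE = re.compile(
    r"""^\s*define\s*\(\s*['"](?:AUTOMATIC_UPDATER_DISABLED['"]\s*,\s*true"""
    r"""|WP_AUTO_UPDATE_CORE['"]\s*,\s*false)\s*\)""", re.I | re.M)

def parse_version(text):
    """Return the core version as a 3-tuple ('4.2' -> (4, 2, 0)), or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    nums = [int(n) for n in re.findall(r"\d+", m.group(1).split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])

def audit(site_root):
    """Classify one install directory against the 4.2.1 baseline."""
    root = Path(site_root)
    version_file = root / "wp-includes" / "version.php"
    if not version_file.is_file():
        return "not-wordpress"
    version = parse_version(version_file.read_text(errors="replace"))
    if version is None:
        return "unknown-version"
    if version >= PATCHED:
        return "patched"
    config = root / "wp-config.php"
    if config.is_file() and NO_AUTO_RE.search(config.read_text(errors="replace")):
        return "update-manually"  # the automatic update will not arrive
    return "update-pending"  # below 4.2.1; automatic update may still apply

def demo():
    """Audit three constructed installs (sample data, not real sites)."""
    samples = {"site-a": ("4.2.1", ""), "site-b": ("4.2", ""),
               "site-c": ("4.1", "define( 'AUTOMATIC_UPDATER_DISABLED', true );\n")}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (ver, cfg) in samples.items():
            inc = Path(tmp) / name / "wp-includes"
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
            (inc.parent / "wp-config.php").write_text("<?php\n" + cfg)
            results[name] = audit(inc.parent)
    return results
```

Call `audit()` on each site's root directory; anything reported as `update-manually` needs the dashboard update, because the automatic one is switched off there.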
Always practice safe computing!
Laptop image courtesy of Stuart Miles on FreeDigitalPhotos.net