WordPress 4.2.2 Update Fixes Several Vulnerabilities
Publish: 2015-05-07 | Modify: 2015-05-07
Recently, WordPress has been plagued by vulnerabilities. In a previous article, "WordPress Exposes Stored XSS Vulnerability, Affecting Versions 4.2 and Below", the official release of the latest version, WordPress 4.2.2, was announced this afternoon. This is a security update that primarily fixes this cross-site vulnerability. It is recommended that everyone upgrade to version 4.2.2 immediately to ensure site security.
According to the official announcement, the default theme includes a functionality to generate an icon file (genericons), which has been found to be vulnerable. The official fix for this vulnerability appears to have involved deleting the genericons/example.html file from the theme. Additionally, another cross-site security vulnerability that was discovered previously has also been fixed in this version. Furthermore, this version also addresses a cross-site scripting vulnerability in the visual editor and other compatibility issues.
Before upgrading, please make sure to backup your website.
Comments
xiaoz
I come from China and I am a freelancer. I specialize in Linux operations, PHP, Golang, and front-end development. I have developed open-source projects such as Zdir, ImgURL, CCAA, and OneNav.
Random article
- OVH VPS London Data Center Review, starting from €2.99/month
- RAKsmart Three American VPS Specials, as low as 9.9 yuan/month (with review)
- One-Click Installation Script for Nginx on CentOS
- ICBC "Yuntong PLUS Edition" Life Card (Credit Card): Application Experience Sharing
- Powerful Remote Connection Tool mRemoteNG
- PHP curl encounters SSL certificate problem: self signed certificate in certificate chain
- Problem with the SSL CA cert error in WordPress
- Tencent Cloud Spring Purchase Event: 2 Cores 2GB for 40 RMB/year, 2 Cores 4GB for 298 RMB/3 years
- Basic Review of JUSTHOST Russian VPS
- ImgURL Pro Professional Edition Image Hosting Program 2.3.x Update, Now Supports Album Functionality