WordPress 4.0.1 update – important security fixes

All my blogs use WordPress.

Why WordPress ? Because it is customizable and I can tweak it in any way I want… Well, almost…

But from time to time there is the need to update it. Yesterday the update 4.0.1 was release which fixes important security bugs:

  • Three cross-site scripting issues that a contributor or author could use to compromise a site
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests.
  • An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address.

Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos.

My ISP can’t update it automatically, so I have to update it manually.

But it is not hard to do that and so far I managed to never break it. 🙂

Most important of all: make a backup !

Read here is how to update it!

 

Have fun!

 

PS: All my sites have 4.0.1 and are up to date!

 

 


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close