January 2016 has brought some needed WordPress updates. If you are still running an older version of WordPress, please update it to the current 4.4.1 core update, to make sure all your security vulnerabilities are patched. Of course, as always, make sure you have done a complete website backup first!

WordPress 4.4.1 fixes an XXS vulnerability, also know as a cross site scripting vulnerability, in WordPress. According to WordFence, a leader in WordPress security, and a program we use on all of our website builds:

The vulnerability that WordPress 4.4.1 fixes is a cross site scripting or XSS vulnerability. The Automattic team did not release details of the vulnerability in the announcement, but the patch was reverse engineered by several security teams and they used the code change to come up with a proof of concept exploit. The exploit has also been posted on twitter. The result is that the exploit for this security issue is now in the wild so it’s very important that you update asap.

WordFence also announced several plugins that had vulnerabilities reported and fixed this month. If you are running any of these, it is important that you update them as well.

Commentator (version 2.5.2 and older): Has a reflected XXS vulnerability. Fixed in version 2.5.3.

WordPress Download Manager (version 2.8.7 and older). Has multiple vulnerabilities, including privilege escalation, directory listing and unauthorized file download. Fixed in version 2.8.8.

Simple Ads Manager (version 2.9.4.116). Has an SQL injection vulnerability that will allow a remote hacker to access the admins hashed password and other sensitive database information. Fixed in version 2.9.4.118.

Simple Download Monitor (version 3.2.8). Has multiple issues that allow users to list all uploaded files, delete file thumbnails and download password protected files without a password. Fixed in version 3.2.9.

If you are running any of these plugins, please make sure they are updated as soon as possible for the security of your site. As always, before running any updates make sure you have backed up your site, in case something goes wrong and you have to roll it back for some reason.

If you are on one of our WordPress Care & Support Packages, no worries, we have taken care of it for you already! That’s what you pay for.

If you aren’t on a support package and have concerns about doing these updates yourself, please contact me and we will get you into one, or you can pay for time by the hour to have me handle these updates for you.

nora-signature

Image Credit: kpgolfpro / Pixabay

 

Nora Kramer
Follow Me

Nora Kramer

Principal + Creative Director at Nora Kramer Designs
Nora Kramer is a graphic designer, website developer, and online marketing consultant, based in the Tampa Bay, Florida area, with over two decades of experience in graphic design, website development and company branding. She also has a passion for photography and writing. Nora received the Charlie Award (1st Place) in 2002 for "Best Magazine Feature Article of the Year" from the Florida Magazine Association for a cover feature article she wrote for "Create," a graphic design magazine. You can follow all of her social media channels at about.me/norakramer.
Nora Kramer
Follow Me
Click To Call

Get Our Website Pricing Guide

Enter your email address below, and we will send you our current pricing guide immediately.

You have Successfully Subscribed!

Get access to my carefully compiled list of favorite and recommended FREE TOOLS you can start using today to assist you with your website creation, blogging, social media sharing, and more.

The list includes tools for website planning and wireframing, color palette creations, typography and font pairings, icon creation, free stock image photography resources, image and social media content creation, image compression and resizing, and search engine optimization and keyword planning.

Thank you for subscribing!

Pin It on Pinterest