A few hours back, WordPress team released yet another security and maintenance update patching some critical vulnerabilities. Including WordPress 4.2.3, this is the second update in last fifteen days.
In total, this new security update fixes six critical vulnerabilities which include, a potential SQL injection which could compromise the entire website, three cross-site scripting vulnerabilities, an issue where the attacker can lockout a post from being edited any further and even a potential timing side-channel attack.
In case you are wondering, the timing side-channel attack is a form of attack where the hacker analyses the time it took to complete the routine cryptographic operations in WordPress.
Then the hacker uses the obtained data to compromise the WordPress site.
According to the official WordPress blog, the vulnerabilities were found and responsibly disclosed by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, Ivan Grigorov, Johannes Schmitt of Scrutinizer, and Mohamed A. Baset.
So, in order to protect your site from being compromised, it is advised that you update your WordPress website as soon as possible. The instructions on how to update your WordPress site can be found below.
If you have auto-updates enabled or if you are on a Managed hosting platform, then the chances are that you are already covered.
To update your WordPress site, login to your WordPress dashboard. Here you will see a new notification regarding the available update. Simply click on the link “Please update now.”
This action will take you to the Updates page. Simply click on the button “Update” and you are good to go.
Alternatively you can also manually update your WordPress site, if necessary.
That’s all for now and hopefully that helps. Do share your thoughts and experiences about the new security vulnerability.