WordPress 4.2.4 – Critical Security Update and Maintenance Release

A few hours back, the WordPress team released yet another security and maintenance update that patches some critical vulnerabilities. Counting WordPress 4.2.3, this is the second update in the last fifteen days.

In total, this new security update fixes six critical vulnerabilities: a potential SQL injection that could compromise the entire website, three cross-site scripting vulnerabilities, an issue where an attacker can lock a post from being edited any further, and a potential timing side-channel attack.

In case you are wondering, a timing side-channel attack is a form of attack in which the hacker analyses the time it takes WordPress to complete routine cryptographic operations.

The hacker then uses the timing data obtained this way to compromise the WordPress site.
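To show why running time can leak information, here is an added illustration in PHP. It is not WordPress core code and not the 4.2.4 patch: it counts how many byte comparisons an early-exit check performs next to a constant-time one, and also calls PHP's built-in `hash_equals()`. The function names, key and token are constructed for this example.

```php
<?php
// Added illustration, not WordPress core code. Names, key and token are constructed.

// Early-exit comparison: stops at the first mismatching byte, so the number of
// byte comparisons (and the running time) grows with the matching prefix length.
function leaky_compare(string $known, string $given): array
{
    $steps = 0;
    if (strlen($known) !== strlen($given)) {
        return [false, $steps];
    }
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $steps++;
        if ($known[$i] !== $given[$i]) {
            return [false, $steps];
        }
    }
    return [true, $steps];
}

// Constant-time comparison: always walks every byte and folds the differences
// into one accumulator, so the work done does not depend on where they differ.
function constant_time_compare(string $known, string $given): array
{
    $steps = 0;
    if (strlen($known) !== strlen($given)) {
        return [false, $steps];
    }
    $diff = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $steps++;
        $diff |= ord($known[$i]) ^ ord($given[$i]);
    }
    return [$diff === 0, $steps];
}

// Constructed sample: a 64-character hex MAC standing in for a secret value.
$expected = hash_hmac('sha256', 'post:42', 'constructed-demo-key');

// Submitted values that share 0, 8 and 63 leading characters with $expected.
foreach ([0, 8, 63] as $prefix) {
    $given = substr($expected, 0, $prefix) . str_repeat('!', 64 - $prefix);
    [, $leaky] = leaky_compare($expected, $given);
    [, $fixed] = constant_time_compare($expected, $given);
    printf("matching prefix %2d: leaky=%2d steps, constant-time=%2d steps, hash_equals=%s\n",
        $prefix, $leaky, $fixed, var_export(hash_equals($expected, $given), true));
}
```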

According to the official WordPress blog, the vulnerabilities were found and responsibly disclosed by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, Ivan Grigorov, Johannes Schmitt of Scrutinizer, and Mohamed A. Baset.

So, in order to protect your site from being compromised, it is advised that you update your WordPress website as soon as possible. The instructions on how to update your WordPress site can be found below.

If you have auto-updates enabled or if you are on a managed hosting platform, then the chances are that you are already covered.

For the geeks, here are the release notes and the list of changes.

Update WordPress

To update your WordPress site, log in to your WordPress dashboard. Here you will see a new notification regarding the available update. Simply click on the link “Please update now.”

This action will take you to the Updates page. Simply click on the button “Update” and you are good to go.

As a precaution, don’t forget to make a good backup of your WordPress site and database before updating. This will help you revert if anything goes wrong.

Alternatively, you can also update your WordPress site manually, if necessary.

That’s all for now and hopefully that helps. Do share your thoughts and experiences about the new security vulnerability.

1 Comment

  1. Thanks for the update. I’ve updated my site as soon as I received your quick email update on the security release.
