WordPress 4.3.1 Security Update Against Critical Vulnerabilities: Ready To Serve and Protect

As the Internet continues to evolve, those who run content management systems are in constant need of protection. WordPress recently released the 4.3.1 Security Update for its platform in order to offer comfort to those who value their blogs. While this update addresses three major issues related to vulnerabilities, it also fixes a variety of bugs found in the 4.3 version of the popular CMS.

The Vulnerabilities

Cross-Site Scripting Vulnerability

WordPress installation versions 4.3 and earlier were found to be vulnerable to cross-site scripting, or XSS. This allows attackers to insert client-side script into web pages. The injected script may allow attackers to circumvent access controls and hijack websites.

Cross-Site Scripting in User Table

Essentially, the XSS in the user table can create compromised accounts, giving someone access to all personal information in the database. This can be used to do everything from causing random mayhem to obtaining privileged access to the site in general.

Creating Sticky Posts

It was found that users who don't have permission to create sticky posts were able to do so. This problem can be used to replace visible content on the site or to otherwise obstruct visitors from reading pages. Since version 2.7, sticky posts have been a feature that can be activated by a check box on the administration side. This vulnerability allows unprivileged users to activate the sticky post.

These three, along with 26 other fixes, are included in the WordPress 4.3.1 update. This is just another demonstration of how the developers of WordPress have the best interests of users in mind. Blog on knowing that your site is protected from sticky things and scripting oddities.
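To find which installs still need this update, the added example below (not part of the original article or of WordPress itself) reads the `$wp_version` string that WordPress keeps in `wp-includes/version.php` and flags anything older than 4.3.1. The one-folder-per-site layout, the function names and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 3, 1)  # release the article says carries the three security fixes
VERSION_RE = re.compile(r"^\s*\$wp_version\s*=\s*'([^']+)'\s*;", re.MULTILINE)

def parse_version(text):
    """Return $wp_version from version.php text as an int tuple, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # Keep only the leading numeric part, so '4.3-RC1' is read as 4.3
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not nums:
        return None
    parts = tuple(int(p) for p in nums.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad so (4, 3) compares as (4, 3, 0)

def audit(root):
    """Map each WordPress install under root to 'outdated', 'ok' or 'unknown'."""
    report = {}
    for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
        site = vfile.parent.parent.name  # assumed layout: <root>/<site>/wp-includes
        version = parse_version(vfile.read_text(errors="replace"))
        if version is None:
            report[site] = "unknown"  # unreadable version: inspect by hand
        else:
            report[site] = "outdated" if version < FIXED else "ok"
    return report

def build_sample_tree(root):
    """Constructed sample data: three fake installs, not real sites."""
    samples = {"blog-a": "$wp_version = '4.3';",
               "blog-b": "$wp_version = '4.3.1';",
               "blog-c": "// version line missing"}
    for name, line in samples.items():
        d = Path(root) / name / "wp-includes"
        d.mkdir(parents=True)
        (d / "version.php").write_text("<?php\n" + line + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for site, status in audit(tmp).items():
            print(site, status)
```

Point `audit()` at the directory that holds your sites; any install reported as `outdated` or `unknown` should be updated or checked manually.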
