March WordPress update provides fixes to six security issues that affected 1.5m users.
The newest WordPress update 4.7.3 provides a fix to a number of security issues that allowed attackers to deface numerous sites. They used three cross-site scripting vulnerabilities to gain unauthorised access to over 1.5m WordPress sites.
The six vulnerabilities patched in the new update are as follows:
- Cross-site scripting (XSS) via media file metadata.
- Control characters can trick redirect URL validation.
- Cross-site scripting (XSS) via video URL in YouTube embeds.
- Cross-site scripting (XSS) via taxonomy term names.
- Unintended files can be deleted by administrators using the plugin deletion functionality.
- Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.
Potential attackers exploit these cross-site scripting (XSS) vulnerabilities by injecting client-side scripts into websites. As a result of these security issues, sensitive data leaks can occur. This then results in the unauthorised access of a website. Therefore, to keep sensitive information secure, WordPress users should update to the new version as soon as possible.
Wordfence concluded this to be ‘one of the worst WordPress related vulnerabilities to emerge in some time.’
Update your WordPress site now!
In conclusion, make sure you update now to protect your WordPress site from these malicious attacks. Click here for the WordPress 4.7.3 Update. Not able to update it on your own? We’re here to help, just flick us an email and we’re sure we can provide some assistance.