Well-known blogging service WordPress has issued a critical security release to fix a vulnerability that could have compromised millions of websites. “WordPress versions 4.2.2 and earlier are affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site,” said Gary Pendergust in a blog post. Cross-site scripting is vulnerabilities in the code of Web applications that opens up the website to attacks. It’s one of the most common conduits used by hackers.
In addressing this vulnerability issue, the blogging service has also taken the opportunity to do a little maintenance and take care of some bugs. One of the bigger issues addressed in the update deals with fixing a problem where it was possible for a user with Subscriber permissions to to create a draft through Quick Draft. WordPress also addressed 20 other smaller bug fixes through the update.
Users are being encouraged to go ahead and update to version 4.2.3 and take full advantage of the changes and security fixes. WordPress did an excellent job of keeping things under wraps until the problem was resolved – and it was resolved swiftly. There’s a link provided by WordPress in their blog post for updating to 4.2.3 and we highly recommend getting that taken care of.