security

WordPress 4.2.1 Released to Patch Comment Exploit Vulnerability

This morning we reported on an XSS vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an attacker to compromise a site via its comments. The security team quickly patched the vulnerability and released 4.2.1 within hours of being notified. WordPress’ official statement on the security issue: The WordPress (more…)

WP Rest API Featured Image

The WP REST API development team has released a critical security update. Rachel Baker, one of the lead developers of the WP REST API plugin says, “The release fixes a serious information disclosure vulnerability, which allowed for unpublished content and post revisions to be retrieved via the REST API.” The security vulnerability affects versions (more…)