Procurement News Notice |
|
PNN | 10566 |
Work Detail | A popular content management system (CMS) software provider that powers about a quarter of all websites in the world has issued security patches today to fix two serious security flaws. As of February of this year, over half of all websites and blogs with a known content management system use this as their backend. Webmasters are encouraged to update this CMS software's packages as soon as possible to protect their domains and their site users from critical vulnerabilities. WordPress 4.6.1 is now available, and it patches two security flaws that put thousands of websites at risk. The first flaw, a cross-site scripting vulnerability, was discovered in June by security researcher Cengiz Han. This flaw allows an attacker to upload a specially crafted image to a WordPress site, then inject malicious JavaScript code to steal login credentials or session tokens, or to remotely execute more malicious code. The second flaw is a path traversal vulnerability in the upgrade package uploader, discovered by Dominik Schilling of WordPress' own security team. The WordPress 4.6.1 update should fix these vulnerabilities, along with 15 bugs from version 4.6, which include backspace jumping, infinite loops during plugin installs, thumbnail preview bugs, and email failure on certain setups. To get this critical patch, go to your WordPress Dashboard >> Updates >> "Update Now." WordPress sites that have automatic background updates enabled should have their upgrade process already initiated. For the regular end user, backend vulnerabilities like these show how important it is to have real-time internet protection from compromised websites and emerging threats. Computer security software like our sponsor Kaspersky Lab's Total Security can help. Kaspersky Total Security suite has everything you need to stay safe from sophisticated online threats.
With its phishing alerts, website reputation warnings, and real-time monitoring, Total Security will safeguard your privacy, money and data from today's online dangers. |
Country | Russia, Eastern Europe |
Industry | Information Technology |
Entry Date | 15 Oct 2016 |
Source | http://www.komando.com/happening-now/372553/top-story-critical-security-holes-affecting-thousands-of-websites |