Upgrading To Version 4.1.2 Might Just Save Your Site
- April 22, 2015
- Leave a comment
Given the massive upset in the WordPress safety community as of late, it now seems only appropriate that WordPress itself would develop and release a rapid, security-centric update.
The formerly unplanned 4.1.2 is being pushed as a “critical security release” that will be vital to the continued security of all WordPress sites as an increasing number of plugins is shown to be subject to flaws leaving them wide open to hackers.
WordPress security team member Gary Pendergast released a sobering statement on the version,
“WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.”
This statement is followed by the discovery that some of the most-utilized plugins WordPress has to offer, including but not limited to Jetpack, WordPress SEO and All In One SEO, are incredibly susceptible to a form of hacking called cross-site scripting, wherein those with poor intent are able to push unwanted code into unsecured pages.
Though these plugins have since been updated, true security begins with WordPress as the CMS that hosts these plugins itself.