WordPress has rolled out a new version dubbed 4.2.3 of its content management system (CMS) to patch a critical cross-site scripting (XSS) vulnerability affecting all the existing versions. The blogging platform, which powers more than 60 million websites, urges all webmasters to update their sites.
The XSS vulnerability in question could have been exploited by any user marked "author" or "contributor" to fully compromise the site's security. The company didn't reveal the specifics around the vulnerability.
The
WordPress update also fixes a recently discovered bug that allowed any subscriber to create blog posts on the site using management system's Quick Draft mechanism. The company says that the new update squashes 20 bugs.
Earlier this month, the company fixed several vulnerabilities in its plugins that could have been exploited to execute arbitrary code to steal sensitive information.
This is the second major vulnerability discovered in WordPress this year. In May, a major vulnerability
was found in ThirtyFifteeen theme and the JetPack plugin, which affected about a million users.
The good thing about these updates is that they don't take much effort to implement. The blogging platform lets webmasters update to the latest version by simply clicking on the
Update Now button.