WordPress's latest update fixes critical security flaw

If you're a WordPress user, you should get your application up-to-date as soon as possible. The 4.7.2 version of the tool fixes a major security vulnerability and without it your site can be pretty easily hijacked through a zero-day attack, so speed is of the essence. This new build of the application has been available for a few days, but those who don't have the automatic updates option checked may not have had the chance to manually initialize the update just yet.

WordPress's security flaw has been discovered on January 20th and reported to the company, which chose to keep it a secret until a patch could be developed. As far as I understand, the issue would allow a hijacker to introduce links into the website's content, without proper clearance. This means that the attacker could easily lure your visitors away to malicious websites and you would be the one blamed. Major hosting services and security companies looked into the issue, but they didn't find any evidence that the vulnerability was being actively exploited.

Just so we're clear why it's so important to hurry up and update WordPress, now that the vulnerability has been made public every hacker who has some free time will be looking test it out and becoming a victim could cause you a lot of headaches. In case you're someone who's interested in creating websites and blogs, you might also want to read some of our older stories like: "Blogging platforms available for free" or "First Steps in Website Creation".

Comments

1 comment
You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <em> <i> <q cite=""> <s> <strike> <strong>