View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
January 30, 2017

WordPress update issues patches for XSS and SQL injection bugs

The patch will tackle problems with cross-site scripting and SQL injection.

By Tom Ball

WordPress users have been advised to upgrade to the newest version of the CRM software as soon as possible, with the update patching three security flaws.

The vulnerabilities, including SQL injection, a cross-site scripting issue and a vulnerability in the Press This function, were announced in an update by Aaron Campbell.

“It is absolutely imperative that all users of WordPress 4.7.2 upgrade immediately to the new version. Despite having been around for over a decade and regularly featuring on the OWASP Top 10 list (the widely accepted standard for application security), both SQL injections and cross scripting vulnerabilities continue to expose enterprises to large-scale breaches and brand damage. The 2015 TalkTalk breach only serves as a reminder of the severity of this attack vector,” said Veracode’s Paul Farrington.

The upgrade can be accessed either via an email notification regarding the patch, or alternately the download can be quickly accessed from the Dashboard, by navigating to the “Update Now” option.

This instance is not the first occasion that WordPress has found gaps in its security, as previous breaches have caused concern, such as the hacking of the Reader’s Digest website. According to David Emm, senior security researcher at Kaspersky Lab, “a couple of instances with cross site scripting exploits” had been noted at the end of last year.

Jérôme Segura of Malwarebytes told CBR previously that the attack Reader’s Digest was not even very sophisticated, and went on to say that the “leveraging vulnerabilities in WordPress” have “never been patched”.  Segura explains that “a script was injected into the site”, causing the breach.

WordPress has experienced various breaches in recent years, and in reflection on the recent patch, it is evident that very pertinent issues are being tackled. SQL is a threat that has been highlighted in the patch details, and has been known to be a threat to WordPress following the Reader’s Digest attack.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.