If you use WordPress for your content management system, you may have noticed a little notification in your admin page saying there is a new version available. Many webmasters ignore these types of WP updates for weeks or months in an attempt to let other users ‘work out the bugs’ before they upgrade. While this normally isn’t a bad idea, this time you really don’t want to wait.
The latest version being pushed out by WordPress, version 4.1.2, is a ‘critical security release,’ which means that it is closing a serious vulnerability in the system.
According to Gary Pendergast, who is on the WordPress security team, “WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.”
As you are likely aware, updating WordPress is quite simple and can be done with just a few clicks in your admin panel or you can download the latest version HERE.
In addition to the main security fix that is being put in place, this version also addresses issues that make files with invalid or unsafe names able to be uploaded, which effects all WordPress versions higher than 4.1. They also fix another cross-site scripting vulnerability that could potentially be used as a social engineering attack for versions 3.9 and above. Other security updates are also included in the new version.
The bottom line here is all marketers need to act quickly to update their sites. You wouldn’t hesitate to update the physical security in a brick and mortar store if there was a known flaw, don’t put your online business at risk either.
