WordPress Security Update 3.6.1

WordPress, the most popular blogging and content management system, has just released a security update. This maintenance release updates the current 3.6 to 3.6.1 and fixes 3 security vulnerabilities. One of them is a remote code execution vulnerability reported by a Belgian web application security researcher.

Fortunately, he has not published the complete disclosure, stating:

Due to ethical considerations, I will not disclose a Proof of Concept of this exploit at this time, as there are too many vulnerable WordPress installations out there.

 

The other two security fixes are:

  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrop Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.

 

More information can be located at the link below:
