As soon as WordPress launch a new version they publish a changelog on their website where you can find what has been changed, including all security vulnerabilities that have been patched. Disabling the WordPress auto-update feature can open up your website to attackers that first check the changelog and then look for sites that haven’t been updated.
Are you running WordPress 4.2.0 to 4.5.1? Time to upgrade to 4.5.2!
It was recently discovered that WordPress versions 4.2.0 to 4.5.1 are vulnerable against a reflected XSS vulnerability in a specific WordPress SWF-file: flashmediaelement.swf. The vulnerability could lead to leaked WordPress credentials, or be used as a stepping stone to more severe attacks.
WordPress is amazing, we can’t argue with that. It’s efficient, powerful, and functional. However, given that it is the most popular Content Management System (CMS) in use, it is also the most vulnerable CMS platform out there. To learn more about WordPress vulnerabilities and ways to improve the security of your site, take a look at this list of our WordPress articles and updates.
A clean WordPress installation is not much fun, but plugins and themes can have security issues that should not be ignored. In this blog post, we explain what is good to take into consideration when installing a plugin or theme, and give tips on some useful WordPress security plugins that can make your WordPress experience safer.