Η Automattic just released one new update για το web software her. WordPress 4.2.4 is now available for download.
The release, WordPress 4.2.4 fixes three cross-site vulnerabilities scripting and a potential SQL injection attack that could be exploited to compromise any site (CVE-2015-2213).
Also includes a fix for potential timing attacks side-channel which allowed an attacker to lock a post from further editing.
The new WordPress 4.2.4 version also resolves the 4 bugs of the release 4.2.3.
- FIX – WPDB: When checking the encoding of strings against the database, make sure we're only relying on the return value of strings that were sent to the database. #32279
- FIX – Don't blindly trust the output of glob () to be an array. #33093
- FIX - Shortcodes: Handle do_shortcode(' edge cases. #33116
- FIX - Shortcodes: Protect newlines inside of CDATA. #33106
For more see it note.
If you are a site administrator using the platform, upgrade immediately.