Melbourne: A new version of the hugely popular WordPress blogging platform has been released, and webmasters are being advised to update their systems “directly” as it fixes a number of security issues.
WordPress 3.6.1 fixes some minor bugs but also tackles some security vulnerabilities.
Here are the details, as provided by WordPress.org’s official announcement:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
- Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.
If you are running an earlier version of WordPress, it is important that you ensure your system is kept up to date from now on.
With many of the world’s websites relying on the WordPress software, it is vital that webmasters keep their systems up to date. After all, if a hacker managed to get into your blog and inject code, the attack could be passed on to your visitors.
Users of WordPress.com, who don’t run their own website hosting, don’t need to worry about the new version of WordPress, as they will already be using the newest version.
The team at WordPress stated that they were grateful to Dave Cummo, Tom Van Goethem and Anakorn Kyavatanakij for their responsible disclosure of the vulnerabilities, which meant that a fixed version of WordPress was available to users at the time of the flaws’ announcement, rather than leaving millions of internet users potentially at risk.
We must all be thankful when security researchers act sensibly, for the greater good of the internet community, rather than trying to make a name for themselves by publicly releasing vulnerability details that could be exploited by malicious hackers.
More details of the flaws fixed by WordPress 3.6.1 can be found in the official announcement on wordpress.org and in a blog post from Sucuri.
You can either download WordPress 3.6.1 directly, or update your installation from your site’s admin area in the WordPress dashboard.