16 Oct The Latest WordPress Updates And What They Mean For Your Website
WordPress recently launched core version 5.2.3, and this security release has brought about several important changes and fixes. While some of these changes may seem minor at first, they are actually quite important when it comes to the safety and security of your website.
These WordPress changes are essential for keeping your website safe and well protected, but in order to take advantage of these increased security measures, you need to update as soon as possible. While some sites will automatically update, this isn’t always a given, so it is important that you check for the update through your website.
This latest update introduced 29 new fixes and improvements to the platform, and remedies for several very pertinent issues that have enabled XSS attacks. Also known as cross-site scripting attacks, these common security vulnerabilities have been a concern for WordPress users lately. XSS vulnerabilities are flaws that allow attackers to inject malicious code into the pages sent to web users when they visit a website.
Seven of the eight security fixes are XSS related. The fixes include the following:
XSS attacks from contributors.
This update prevents attackers, disguised as contributors, from accessing your website and gaining the admin’s permissions in your platform.
XSS attacks in shortcode previews.
This vulnerability is now fixed with the WordPress update, but before it, certain malicious users were able to inject shortcodes that would allow them to access another user’s browser.
jQuery Updated to Fix an XSS Issue.
jQuery is a JavaScript library that is used by WordPress and its plugins and themes. There have been updates to jQuery before, but this latest one specifically responds to XSS vulnerabilities.
XSS vulnerabilities from comments.
Until this new security update was launched, it was possible for some attackers to post comments to a WordPress site as a way to gain admin privileges.
Phishing attacks.
These are attacks where the victim is misled into clicking on bad links and sent to malicious websites. There, they may be putting their browser and their information at risk of exploitation.
XSS attacks during media uploads.
Attackers can upload media to a WordPress site using malicious code that may give these attackers higher privileges through that site.
WordPress Dashboard XSS.
We still need to learn more about this particular vulnerability, but in basic terms—it allowed attackers to send their victims a link that would give them access to the victim’s own site dashboard giving them administrative access to change site content—or do worse.
Issues with URL Sanitization.
This XSS vulnerability is caused by URLs not being properly sanitized.
This may sound like a lot to keep track of—and it is.
Keeping up-to-date with security updates such as this is the easiest way to make sure that your WordPress site is secure. There is already another update (version 5.3) slated to debut in November, which is an important reminder to WordPress users that they need to stay on top of their updates, or make sure their website manager can do it for them.
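One way to check every install on a server against the 5.2.3 release discussed above, as an added example that is not WordPress's or this article's own code. It assumes each install still has core's `wp-includes/version.php` with its `$wp_version` line; the function names and the sample file contents are made up for illustration.

```python
import re
from pathlib import Path

PATCHED = (5, 2, 3)  # the security release named in this article

# WordPress core records its version in wp-includes/version.php as $wp_version.
_VERSION_RE = re.compile(
    r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

# Constructed sample file contents (not copied from a real site).
SAMPLE_OLD = "<?php\n/** version file */\n$wp_version = '5.2.2';\n"
SAMPLE_NEW = "<?php\n$wp_version = '5.2.3';\n"


def parse_wp_version(php_source):
    """Return the version as a 3-part tuple of ints, or None if not found."""
    m = _VERSION_RE.search(php_source)
    if not m:
        return None
    # Keep only the leading numeric part: '5.3-beta1' -> '5.3'
    core = re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not core:
        return None
    parts = tuple(int(p) for p in core.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '5.2' -> (5, 2, 0)


def needs_update(php_source, minimum=PATCHED):
    """True if the install is older than `minimum` or its version is unreadable.

    An unreadable version file is flagged too, so a tampered or broken
    install is looked at by hand instead of being silently passed.
    """
    version = parse_wp_version(php_source)
    return version is None or version < minimum


def audit(root):
    """Yield (site_dir, version, needs_update) for each WordPress core under root."""
    for vf in sorted(Path(root).rglob("wp-includes/version.php")):
        src = vf.read_text(errors="replace")
        yield vf.parent.parent, parse_wp_version(src), needs_update(src)


if __name__ == "__main__":
    import sys
    for site, version, stale in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'UPDATE' if stale else 'ok':6}  {version}  {site}")
```

Run it with the directory that holds your sites as the only argument; anything marked UPDATE is older than 5.2.3 or has a version file that could not be read.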
If you have questions about these WordPress updates, how to do an update for your site, or about what these changes can mean for your brand—give the experts here at Life In Motion a call today.