XSS Vulnerability Affecting Multiple WordPress Plugins

Genesis

Administrator
I've just updated my plugins and noticed the WordPress 4.2 update. Looks as though it is more about connectivity than security though. Only part that I'm happy about is that there was an update for my security plugin WordFence. I trust WordFence completely. Not sure what the WordPress 4.2 update really means. I'm worried that the "greater connectivity" with Twitter and other social media may expose the site to even greater exploits. However, what choice does a person really have? One has to load that update. I'm now up to date. Checked out the site and everything looks OK. :good:
 

xdude

New member
I use,

Jetpack
WordPress SEO
Google Analytics by Yoast
UpdraftPlus

In all my WordPress blogs. But I keep everything updated since I worry about security. lol
 

Genesis

Administrator
xdude said:
But I keep everything updated since I worry about security. lol
So do I, almost slavishly so. I found a peculiarity though. In my one WordPress site I had to update it. Usually it is automatic. I didn't think much of it though, thinking that maybe it was a huge change to 4.2. But then with my next Website I found my WordPress site had been updated automatically. Weird!
 

xdude

New member
Do you get a mail like this?

Howdy! Your site at hxxp://www.website.com has been updated automatically to WordPress 3.9.5.

For more on version 3.9.5, see the About WordPress screen:
hxxp://www.website.com/wp-admin/about.php

WordPress 4.2 is also now available. Updating is easy and only takes a few moments:
hxxp://www.website.com/wp-admin/update-core.php

If you experience any issues or need support, the volunteers in the WordPress.org support forums may be able to help.
hxxps://wordpress.org/support/

Keeping your site updated is important for security. It also makes the internet a safer place for you and your readers.

The WordPress Team

I think this happens when you have 2 updates. Let's say you didn't do update 1 and update 2 also becomes available. Then maybe WordPress automatically does update 1 and sends this message. It might be wrong but that's what I thought.
 

Genesis

Administrator
xdude said:
I think this happens when you have 2 updates. Let's say you didn't do update 1 and update 2 also becomes available. Then maybe WordPress automatically does update 1 and sends this message. It might be wrong but that's what I thought.
You're spot on. There were two updates. One for just WordPress and another for WordPress 4.2. But then surely there would have been two for the other Website as well? Yet it was completely up to date to 4.2. The irony is the one that was automatically updated I am not that worried about. The one I really care about was not automatically updated. Also WordFence didn't need to be updated with the second Website. Anyway, they're now both up to date. :p
 
Genesis said:
strokerace said:
Another M$ product that is vulnerable. Doesn't surprise me at all. That is why I try to stay away from M$ products.
WordPress isn't M$ though, or is it? :confused:
In September 2010, it was announced that Windows Live Spaces, Microsoft's blogging service, would be closing, and that Microsoft would instead be partnering with WordPress.com for blogging services.
 

Genesis

Administrator
strokerace said:
Genesis said:
strokerace said:
Another M$ product that is vulnerable. Doesn't surprise me at all. That is why I try to stay away from M$ products.
WordPress isn't M$ though, or is it? :confused:
In September 2010, it was announced that Windows Live Spaces, Microsoft's blogging service, would be closing, and that Microsoft would instead be partnering with WordPress.com for blogging services.
No way! :shock: :hitwall:

I didn't know that. Just checked up and it's there loud and clear. Have never picked up on it on the WordPress.org pages though:
https://www.microsoft.com/web/wordpress