Die Entwickler von WordPress haben das Sicherheitsupdate 4.1.2 veröffentlicht. Dieses sollte umgehen von allen installiert werden, da diverse kritische Sicherheitslücken geschlossen werden.
Auszug aus dem WordPress Update 4.1.2
Summary
From the announcement post:
- A serious critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
- Files with invalid or unsafe names could be uploaded.
- Some plugins are vulnerable to an SQL injection attack.
- A very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
- Four hardening changes, including better validation of post titles within the Dashboard.
List of Files Revised
- readme.html
- wp-admin/includes/class-wp-comments-list-table.php
- wp-admin/includes/dashboard.php
- wp-admin/includes/template.php
- wp-admin/js/nav-menu.js
- wp-includes/capabilities.php
- wp-includes/class-wp-editor.php
- wp-includes/formatting.php
- wp-includes/functions.php
- wp-includes/js/plupload/plupload.flash.swf
- wp-includes/version.php
- wp-includes/wp-db.php
Link zum Release 4.1.2 http://codex.wordpress.org/Version_4.1.2