Monday, April 20, 2015

Vulnerability in popular Wordpress plugin is reported


The Sucun blog has a warning about a seriously vulnerability in a Wordpress plugin, in the WP Super Cache Plugin, described here About one million bloggers use it.  It is fixed in Version 1.4.4.   Webroot tweeted this advisory Monday evening.
  
So It’s a good security idea to keep Plugins updated when upgrades are offered.
  
I did a quick check and it seems that I do not use it.  



Update: April 27

Wordpress (in my case, BlueHost, at around 3:30 PM today EDT) has updated all users with 4.2.1 with a patch for the problem.  Australian guru "Bogtyant" had warned Wordpress users to disable comments until problem was fixed.  Updated story on Sucuri here.

Wordpress has a press release on the "cross scripting vulnerability" here. 

No comments: