
Updated On April 30, 2015 - 10:26am

Upgrade to WordPress Version 4.2.1

Security alert: Why you should update your version of WordPress ASAP

If you are running a version of WordPress older than 4.2.1, your website's security may be at risk. A Finnish security researcher has published a zero-day XSS vulnerability in the WordPress core engine that allows an attacker to perform:

  1. WordPress administrator actions (adding, modifying, removing WP accounts/passwords, etc.) and
  2. arbitrary code execution, using the plugin and theme editors, on the host OS running a WordPress installation earlier than version 4.2.1.

The attack vector is the WP comment functionality.

A proof of concept video and more information can be found here: The full description of the attack can be found on the researcher’s blog at:

It is also worth noting that an upgrade to WordPress 4.2.1 patches an unrelated SQL injection attack vector:

If you have any questions or need further assistance, please contact Alex Podabas, Senior Information Security Analyst, at [email protected].