Security Alerts & News
by Tymoteusz A. Góral

#2079 WordPress webmasters urged to upgrade to version 4.7.3 to patch six security holes
Another day, another important security update for WordPress. Oh boy.

If you administer your own self-hosted WordPress website then you must update the software as soon as possible, following the disclosure of six security holes that could be exploited by malicious attackers.

Version 4.7.3 of the immensely popular web-publishing software has been released, alongside a warning that, if left unpatched, websites could be vulnerable to various threats, including cross-site scripting and request forgery attacks:

* Cross-site scripting (XSS) via media file metadata.
* Control characters can trick redirect URL validation.
* Unintended files can be deleted by administrators using the plugin deletion functionality.
* Cross-site scripting (XSS) via video URL in YouTube embeds.
* Cross-site scripting (XSS) via taxonomy term names.
* Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.