WordPress Security Issues: Are You Vulnerable to the WordPress Security Flaw?


WordPress announced a critical cross-site scripting vulnerability in the Internet’s most popular and widely used content management system on November 20, 2014. See the official WordPress release at https://wordpress.org/news/2014/11/wordpress-4-0-1/.

WordPress Security Issues: Are you running versions prior to 3.9.3?

Jouko Pynnonen of the Finnish IT company Klikki Oy initially discovered the vulnerability, which could allow anonymous users to compromise websites running versions of WordPress prior to 3.9.3. The severity of the problem is compounded by the fact that older versions of WordPress are running on millions of websites across the internet. Those sites are now exposed to attacks in which an anonymous user gains complete administrative control of the website and (potentially) the underlying operating system. About 86 percent of all WordPress sites are running a vulnerable version as of 11/20/2014 (source: WordPress.org). Sites that have been exploited could then be used to attack other users or become part of a botnet. What is really scary about this new vulnerability is that reports indicate it is being actively exploited and that the code needed to exploit it is available on the Internet.

WordPress Security Issues: Are You Vulnerable?

The WordPress version of your site should be prominently displayed in the administrative section either in the header or footer (depending on the version) or in the “At a Glance” pane within the dashboard. As a last resort, the version is contained in the readme.html file.
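If you manage several sites on one server, the same check can be run from the filesystem. The script below is an added example, not part of the original article or of WordPress itself: it assumes you have read access to the web root, relies on the fact that WordPress core records its version as `$wp_version` in `wp-includes/version.php` (a file this article does not mention), and uses the article's threshold of 3.9.3.

```python
import re
import sys
from pathlib import Path

# Threshold taken from the article: versions prior to 3.9.3 are vulnerable.
FIXED = (3, 9, 3)

# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '3.9.2';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)


def parse_version(php_source):
    """Return the $wp_version string from version.php contents, or None."""
    match = VERSION_RE.search(php_source)
    return match.group(1) if match else None


def version_tuple(version):
    """'3.9' -> (3, 9, 0); '3.9.2-beta1' -> (3, 9, 2). Suffixes are ignored."""
    numeric = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in numeric.group(0).split(".")] if numeric else []
    return tuple((parts + [0, 0, 0])[:3])


def audit(root):
    """Return [(site_dir, version, vulnerable)] for every install under root.

    vulnerable is None when the version could not be read and the install
    needs a manual check.
    """
    results = []
    for path in sorted(Path(root).rglob("version.php")):
        if path.parent.name != "wp-includes":
            continue  # some other version.php, e.g. inside a plugin
        version = parse_version(path.read_text(errors="replace"))
        vulnerable = None if version is None else version_tuple(version) < FIXED
        results.append((str(path.parent.parent), version, vulnerable))
    return results


if __name__ == "__main__":
    # Usage: python wp_audit.py /var/www   (the path is an example)
    for site, version, vulnerable in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        status = {True: "VULNERABLE", False: "ok", None: "UNKNOWN"}[vulnerable]
        print(f"{status:10} {version or '?':10} {site}")
```

Installs reported as UNKNOWN have a `version.php` the script could not parse and should be checked by hand in the dashboard.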
