Yesterday, WordPress and Joomla! each released a minor version carrying serious security patches.
Joomla!:
- Inadequate filtering of request data leads to a SQL Injection vulnerability.
WordPress:
- Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
- Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
- Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
- A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.
In addition, those minor releases ship a number of ordinary bug fixes.
A direct consequence is that plugin and component vendors will publish updates of their own. Latest example:
As we can see, all of these recent updates are security-related.
Simple question: what happens when you do not patch?
Simple answer: you are exposed and vulnerable.
Once a release is out, attackers and security researchers alike start diffing the changes and working out how to exploit the bugs that were fixed; the patch itself shows them exactly which code to look at, so the window between the release and active exploitation is short.
Latest example of a big WordPress security issue, from the beginning of this year:
Any WordPress website still running 4.7.0 or 4.7.1 is still vulnerable to the REST API content injection flaw (fixed in 4.7.2) that was used to deface sites en masse!
This is why we do our best to keep the websites we are in charge of up to date! If you have any trouble updating your website, we can do it for you. Remember the steps:
- back up your website (files + database) and check that the archive and the dump are complete, or ask us for the status of your backups if we host your site
- update the core, plugins and components one by one, so that a breakage can be traced to a single update
- empty the website cache (otherwise you keep testing the old pages)
- test your site (front end and back end)
- test again!
- roll back if needed, using the backups you made (or the ones we have if we host your site)
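The steps above as one script (an added example for this post, not code from the original article, from WordPress or from Joomla!). It covers the WordPress side only and uses WP-CLI for the database dump, the updates and the restore; the `check` subcommand answers the question raised earlier, whether a site is still on a core version below the one that carries the fix. The script name, the paths and the `demo` fixture (a fake document root holding only `wp-includes/version.php`) are assumptions made for the example; `wp`, `tar` and `awk` are assumed to be installed.

```shell
#!/bin/sh
# wp-safe-update.sh -- the patching checklist above as a script for a WordPress site.
# Illustrative example, not code from the original post, WordPress or Joomla!.
# Assumes WP-CLI (`wp`), tar and awk are installed and `wp` can reach the database.
#   check DOCROOT MIN_VERSION | update DOCROOT BACKUP_ROOT | rollback DOCROOT BACKUP_DIR | demo
set -eu

# Print the core version from wp-includes/version.php, which holds a line such as
#   $wp_version = '4.7.1';
wp_version_from_file() {
    awk -F"'" '/^\$wp_version *=/ { print $2; exit }' "$1"
}

# True (exit 0) when version A is lower than version B, compared component by
# component as numbers: 4.7.9 < 4.7.10, which a plain string comparison gets wrong.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, pa, "."); nb = split(b, pb, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? pa[i] + 0 : 0
            y = (i <= nb) ? pb[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1
    }'
}

# True when the installed core is below MIN_VERSION (the oldest release you accept).
needs_update() {
    version_lt "$(wp_version_from_file "$1/wp-includes/version.php")" "$2"
}

check() {
    ver=$(wp_version_from_file "$1/wp-includes/version.php")
    [ -n "$ver" ] || { echo "cannot read the version from $1/wp-includes/version.php" >&2; return 1; }
    if version_lt "$ver" "$2"; then
        echo "WordPress $ver installed: below $2, patch it"
    else
        echo "WordPress $ver installed: at or above $2"
    fi
}

# Step 1: backup. Files go into a tarball, the database into a dump made by WP-CLI.
# The backup directory must lie outside the document root.
backup_files() { tar -C "$1" -czf "$2/files.tar.gz" . ; }
backup_db()    { wp --path="$1" db export "$2/db.sql" ; }

# Steps 2-4: update one component at a time, flush the cache, verify what was installed.
update() {
    dest="$2/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest"
    backup_files "$1" "$dest"
    backup_db "$1" "$dest"
    echo "backup written to $dest (rollback: $0 rollback $1 $dest)"
    wp --path="$1" core update
    wp --path="$1" core update-db
    # One plugin per command, so a site that breaks afterwards points at one plugin.
    for p in $(wp --path="$1" plugin list --update=available --field=name); do
        wp --path="$1" plugin update "$p"
    done
    wp --path="$1" theme update --all
    # Flushes the object cache; page-cache plugins have their own flush commands.
    wp --path="$1" cache flush
    # Compares the core files on disk with the checksums published by WordPress.org.
    wp --path="$1" core verify-checksums
    echo "now test the front end and the admin, then test again"
}

# Step 6: restore from one backup directory. Files added by the failed update stay
# behind; empty the document root first if you need an exact copy of the old tree.
rollback() {
    tar -C "$1" -xzf "$2/files.tar.gz"
    wp --path="$1" db import "$2/db.sql"
    wp --path="$1" cache flush
}

# Constructed fake site (not a real install): only the file `check` reads. 4.7.1 is
# the version the post above calls still vulnerable; 4.7.2 is the first fixed release.
demo() {
    site=$(mktemp -d)
    mkdir -p "$site/wp-includes" "$site.backup"
    printf "<?php\n\$wp_version = '4.7.1';\n" > "$site/wp-includes/version.php"
    check "$site" 4.7.2
    backup_files "$site" "$site.backup"
    tar -tzf "$site.backup/files.tar.gz"
    rm -rf "$site" "$site.backup"
}

case "${1:-}" in
    check)    check "$2" "$3" ;;
    update)   update "$2" "$3" ;;
    rollback) rollback "$2" "$3" ;;
    demo)     demo ;;
    *)        echo "usage: $0 check|update|rollback|demo ..." ;;
esac
```

`demo` runs offline against the constructed fake site; `update` and `rollback` need a real install that WP-CLI can reach. Note that `wp cache flush` only empties the object cache, so a page-caching plugin still has to be flushed on its own, and that the version comparison is numeric per component, so 4.7.10 is correctly treated as newer than 4.7.9.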
And use a WAF (Web Application Firewall)! It buys you time while you patch, but it does not replace the patch.
We recommend:
We hope this post clarifies why patching is so important!