WordPress Updates Open-Source Blogging Platform for Security
The widely deployed blogging platform is being updated for security and bug fixes.
The open-source WordPress blogging platform is being updated to version 3.6.1 to fix a trio of security vulnerabilities. WordPress is a widely deployed platform for blogging and is also suitable for general content management system usage. Currently there are more than 70 million global sites running some version of WordPress.
WordPress is available both as a hosted platform by way of the WordPress.com Website and as an open-source project available via WordPress.org for those who want to self-host the platform. The new WordPress 3.6.1 update is for those who self-host and requires those users to update immediately to limit the risk of exploitation. Users can update directly from within their own WordPress installations to get the latest version.
Among the three security flaws fixed in WordPress 3.6.1 is a PHP usage issue that could have potentially enabled arbitrary remote code execution by an attacker. WordPress uses PHP on the server side in order to run.
Another key fix is for a privilege escalation issue. According to the WordPress 3.6.1 release announcement, the fix will "prevent a user with an Author role, using a specially crafted request, from being able to create a post 'written by' another user."
The open-source blogging platform is also getting a fix for an insufficient input validation vulnerability. That vulnerability could potentially enable an attacker to inject a link into a site and then redirect users to another Website.