
    WordPress Updates Open-Source Blogging Platform for Security

    By Sean Michael Kerner - September 12, 2013

      The open-source WordPress blogging platform is being updated to version 3.6.1 to fix a trio of security vulnerabilities. WordPress is a widely deployed platform for blogging and is also suitable for general content management system usage. Currently there are more than 70 million global sites running some version of WordPress.

      WordPress is available as both a hosted platform by way of the WordPress.com Website, as well as an open-source project available via WordPress.org for those who want to self-host the platform. The new WordPress 3.6.1 update is for those who self-host and will require users to update immediately to limit the risk of exploitation. Users can update directly from within their own WordPress installations to get the latest version.

      Among the three security flaws fixed in WordPress 3.6.1 is a PHP usage issue that could have potentially enabled arbitrary remote code execution by an attacker. WordPress uses PHP on the server side in order to run.

      Another key fix is for a privilege escalation issue. According to the WordPress 3.6.1 release announcement, the fix will “prevent a user with an Author role, using a specially crafted request, from being able to create a post ‘written by’ another user.”

      The open-source blogging platform is also getting a fix for an insufficient input validation vulnerability. That vulnerability could potentially enable an attacker to inject a link into a site and then redirect users to another Website.

      Going beyond just fixing immediate security flaws, WordPress 3.6.1 also takes a proactive approach to hardening the platform against security risks. One of the additional hardening efforts in WordPress 3.6.1 is a tightening of the restrictions on file uploads to mitigate the potential for cross-site scripting (XSS). An XSS flaw occurs when attacker-supplied script is injected into a site's pages and runs in visitors' browsers, giving the attacker some form of control or unauthorized access.

      “The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML,” the WordPress 3.6.1 release notes state.

      Files with an .swf extension are Flash media files, while .exe denotes an executable program file.
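      As an added illustration of the policy quoted from the release notes (this is not WordPress's own 3.6.1 code), the following plugin-style snippet enforces the same rules by hooking WordPress's upload_mimes filter; it assumes that hook and the core unfiltered_html capability, and the function name is the author's own.

```php
<?php
// Added example: enforce the WordPress 3.6.1 upload policy from a plugin.
// Not core code. It relies on the `upload_mimes` filter, which hands the
// allowlist of extension-pattern => MIME type entries to callbacks, and on
// the `unfiltered_html` capability that core already uses for raw markup.
if ( ! defined( 'ABSPATH' ) ) {
    exit; // Only run inside WordPress.
}

add_filter( 'upload_mimes', 'example_restrict_upload_types' );

/**
 * Trim the upload allowlist to match the 3.6.1 hardening rules.
 *
 * @param array $mimes Allowed uploads, keyed like 'jpg|jpeg|jpe' => 'image/jpeg'.
 * @return array The filtered allowlist.
 */
function example_restrict_upload_types( $mimes ) {
    // Flash movies and Windows executables are never accepted.
    unset( $mimes['swf'] );
    unset( $mimes['exe'] );

    // An uploaded HTML file is served to visitors verbatim from the site's
    // own origin, so it is equivalent to stored XSS. Keep .htm/.html only
    // for users the site already trusts with unfiltered markup.
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        unset( $mimes['htm|html'] );
    }

    return $mimes;
}
```

      Core applies these rules itself from 3.6.1 onward; the filter shows how the policy maps onto the extension allowlist that WordPress consults when it validates an upload.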

      The new WordPress update isn’t just about security fixes either. Some 13 additional bug and stability fixes are part of the update.

      WordPress 3.6.1 is the first incremental update to the WordPress 3.6 platform that was first released on Aug. 1 and has already been downloaded over 7.4 million times. Among the key features that the 3.6 version introduced are improved post auto-saving capabilities and an enhanced revision browser.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
