WordPress update available



#76 AplusWebMaster

Posted 24 January 2014 - 01:55 PM

FYI...

WordPress 3.8.1 released
- http://wordpress.org/download/
Jan 23, 2014 - "The latest stable release of WordPress (Version 3.8.1) is available..."

- https://wordpress.org/news/
"... addresses -31- bugs in 3.8, including various fixes and improvements for the new dashboard design and new themes admin screen. An issue with taxonomy queries in WP_Query was resolved..."

ChangeLog
- https://core.trac.wo...&stop_rev=26862

Codex
- http://codex.wordpress.org/Embeds

Summary
- http://make.wordpres...ease-candidate/
 


This machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#77 AplusWebMaster

Posted 10 April 2014 - 12:33 PM

FYI...

WordPress 3.8.2 released
- https://secunia.com/advisories/57769/
Release Date: 2014-04-10
Criticality: Moderately Critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
...  vulnerabilities are reported in versions prior to 3.8.2.
Solution: Update to version 3.8.2.
Original Advisory:
- http://wordpress.org...ordpress-3-8-2/
April 8, 2014 - "WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately. This release fixes a weakness that could let an attacker force their way into your site by forging authentication cookies... This release also fixes nine bugs and contains three other security hardening changes..."

- http://wordpress.org/download/

Changelog
- https://core.trac.wo...wser/?rev=28060
___

- http://www.securityt....com/id/1030071
CVE Reference:   
- https://web.nvd.nist...d=CVE-2014-0165 - 4.0
- https://web.nvd.nist...d=CVE-2014-0166 - 6.4 (HIGH)
Apr 11 2014
Impact: Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 3.7.2 and 3.8.2 ...
Solution: The vendor has issued a fix (3.7.2, 3.8.2)...
- http://wordpress.org...ordpress-3-8-2/
 


Edited by AplusWebMaster, 11 April 2014 - 11:27 PM.



#78 AplusWebMaster

Posted 16 April 2014 - 01:57 PM

FYI...

WordPress 3.9 released
- https://wordpress.org/download/
Apr 16, 2014 - "The latest stable release of WordPress (Version 3.9) is available..."

- https://wordpress.or.../2014/04/smith/
"... available for download or update in your WordPress dashboard. This release features a number of refinements..."

- https://core.trac.wo...rowser/tags/3.9
 



#79 AplusWebMaster

Posted 09 May 2014 - 12:39 PM

FYI...

WordPress 3.9.1 released
- https://wordpress.org/download/
May 8, 2014 - "The latest stable release of WordPress (Version 3.9.1) is available..."

- https://wordpress.or...ordpress-3-9-1/
"... This maintenance release fixes -34- bugs in 3.9, including numerous fixes for multisite networks, customizing widgets while previewing themes, and the updated visual editor. We’ve also made some improvements to the new audio/video playlists feature and made some adjustments to improve performance..."
 



#80 AplusWebMaster

Posted 07 August 2014 - 03:20 AM

FYI...

WordPress 3.9.2 released
- https://wordpress.org/download/
Aug 6, 2014 - "The latest stable release of WordPress (Version 3.9.2) ..."

- http://wordpress.org...ordpress-3-9-2/
Aug 6, 2014 - "WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately..."

Release notes
- http://codex.wordpre...g/Version_3.9.2

- https://core.trac.wo...29383&rev=29411
___

- http://www.securityt....com/id/1030684
Aug 7 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.9.2 ...

- http://atlas.arbor.n...index#918586250
Elevated Severity
7 Aug 2014
 


Edited by AplusWebMaster, 08 August 2014 - 01:10 PM.



#81 AplusWebMaster

Posted 04 September 2014 - 01:40 PM

FYI...

WordPress 4.0 released
- https://wordpress.org/download/
Sep 4, 2014 - "The latest stable release of WordPress (Version 4.0) is available..."

Release notes
- http://codex.wordpress.org/Version_4.0

Changelog
- http://codex.wordpre...g/Changelog/4.0
 



#82 AplusWebMaster

Posted 21 November 2014 - 03:50 AM

FYI...

WordPress 4.0.1 Security Release
- https://wordpress.or...ordpress-4-0-1/
Nov 20, 2014 - "WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately... WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site... This issue does not affect version 4.0, but version 4.0.1 does address these -eight- security issues..."

- http://www.securityt....com/id/1031243
Nov 20 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 3.7.5, 3.8.5, 3.9.3, 4.0.1
Description: Several vulnerabilities were reported in WordPress. A remote user can cause denial of service conditions. A remote user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote user can compromise a target user's account...
Solution: The vendor has issued a fix (3.7.5, 3.8.5, 3.9.3, 4.0.1).
The vendor's advisory is available at:
- https://wordpress.or...ordpress-4-0-1/
 


Edited by AplusWebMaster, 21 November 2014 - 04:05 AM.



#83 AplusWebMaster

Posted 19 December 2014 - 06:39 AM

FYI...

WordPress Download Manager Security Bypass Vulnerability
- https://secunia.com/advisories/62641/
Release Date: 2014-12-18
Criticality: Highly Critical
...  vulnerability is confirmed in version 2.7.4. Prior versions may also be affected.
Solution: Update to version 2.7.5...
- https://wordpress.or...ager/changelog/
2.7.81: WordPress v4.1 compatibility release
Last Updated: 2014-12-18
 


Edited by AplusWebMaster, 19 December 2014 - 06:42 AM.



#84 AplusWebMaster

Posted 13 March 2015 - 08:05 AM

FYI...

Blind SQL Injection against WordPress SEO
- https://isc.sans.edu...l?storyid=19457
2015-03-13 - "WordPress has released an advisory for the WordPress plugin SEO by Yoast. Version up to and including 1.7.3.3 can be exploited with a blind SQL injection. According to WordPress, this plugin has more than one million downloads. A description of the SQL injection with proof of concept is described here[3] and the latest update is available here[2]."

[1] https://wordpress.or.../wordpress-seo/
[2] https://downloads.wo...s-seo.1.7.4.zip
[3] https://wpvulndb.com...rabilities/7841
 



#85 AplusWebMaster

Posted 30 March 2015 - 03:12 PM

FYI...

WordPress malware causes Pseudo-Darkleech Infection
- http://blog.sucuri.n...-infection.html
March 26, 2015 - "Darkleech* is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses. It’s difficult to detect because the malware is only active when both server and site admins are -not- logged in, and the iFrame is only injected once-a-day (or once a week in some versions) per IP address. This means that the infection symptoms are not easy to reproduce. Since it’s a server-level infection, even the most thorough website-level scans won’t reveal anything. And even when the culprit is identified, website owners may not be able to resolve the issue without help of a server administrator. Despite the detection difficulties, it was quite easy to tell that the server was infected with Darkleech when we saw the malicious code — it has followed the same recognizable pattern since 2012:
- Declaration of a CSS class with a random name and random negative absolute position
- A div of that class
- A malicious iFrame with random dimensions inside that div ..."
(More detail at the sucuri URL above.)
* http://blog.sucuri.n...statistics.html

> https://wordpress.or...sucuri-scanner/
WordPress Security plugin - Version 1.7.8
Last Updated: 2015-3-29
Active Installs: 100,000+
___

Current WordPress version 4.1.1
- https://wordpress.or...ordpress-4-1-1/
Feb 18, 2015
___

- https://secunia.com/advisories/63808/
2015-04-03
Solution Status: Vendor Patch
Software: WordPress Events Manager Plugin 5.x
... vulnerability is reported in versions prior to 5.5.6.
Solution: Update to version 5.5.6.
> https://downloads.wo...nager.5.5.6.zip
 


Edited by AplusWebMaster, 04 April 2015 - 05:02 AM.
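
The three-part pattern quoted in the post above (a CSS class at a negative absolute position, a div of that class, an iframe inside that div) can be checked mechanically in a saved HTTP response. This is an added example, not part of the original post or of Sucuri's tooling; the function names and the sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser

CSS_RULE = re.compile(r"\.([A-Za-z_][\w-]*)\s*\{([^}]*)\}")
ABSOLUTE = re.compile(r"position\s*:\s*absolute", re.I)
NEG_OFFSET = re.compile(r"\b(?:top|left|right|bottom)\s*:\s*-\d", re.I)

def offscreen_classes(html):
    """Class names declared with absolute positioning at a negative offset."""
    names = set()
    for css in re.findall(r"<style[^>]*>(.*?)</style>", html, re.I | re.S):
        for name, body in CSS_RULE.findall(css):
            if ABSOLUTE.search(body) and NEG_OFFSET.search(body):
                names.add(name)
    return names

class _IframeFinder(HTMLParser):
    def __init__(self, suspect):
        super().__init__()
        self.suspect, self.hits = suspect, []
        self.div_stack = []  # one flag per open <div>: uses a suspect class?

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "div":
            classes = set((attrs.get("class") or "").split())
            self.div_stack.append(bool(classes & self.suspect))
        elif tag == "iframe" and any(self.div_stack):
            self.hits.append(attrs.get("src") or "")

    def handle_endtag(self, tag):
        if tag == "div" and self.div_stack:
            self.div_stack.pop()

def find_hidden_iframes(html):
    """Return the src of every iframe nested in a div of an off-screen class."""
    finder = _IframeFinder(offscreen_classes(html))
    finder.feed(html)
    return finder.hits

# Constructed samples (not captured traffic); class names and URLs are made up.
INFECTED = ('<style>.xkqzpw{position:absolute;top:-1347px;left:-1168px}</style>'
            '<p>post</p><div class="xkqzpw"><iframe src="http://landing.example.invalid/x"'
            ' width="413" height="292"></iframe></div>')
CLEAN = ('<style>.skip{position:absolute;left:-9999px}.video{position:relative}</style>'
         '<a class="skip" href="#main">Skip</a><div class="video">'
         '<iframe src="https://player.example.invalid/1"></iframe></div>')
if __name__ == "__main__":
    print(find_hidden_iframes(INFECTED), find_hidden_iframes(CLEAN))
```

Since the quoted article says the iframe is injected only once a day (or week) per IP address and never while admins are logged in, an empty result on a single response does not show the server is clean.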



#86 AplusWebMaster

Posted 22 April 2015 - 02:39 AM

FYI...

WordPress 4.1.2 released
- https://wordpress.org/news/
April 21, 2015 - "WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site... We also fixed three other security issues..."

- https://wordpress.or...ordpress-4-1-2/

Download
- https://wordpress.org/download/

- https://codex.wordpr...g/Version_4.1.2
April 21, 2015
• A serious critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
• Files with invalid or unsafe names could be uploaded.
• Some plugins are vulnerable to an SQL injection attack.
• A very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
• Four hardening changes, including better validation of post titles within the Dashboard.

- https://www.us-cert....Security-Update
April 23, 2015
 


Edited by AplusWebMaster, 23 April 2015 - 01:13 PM.
