Developers of the widely used WordPress content management system released an update last week, but intentionally delayed announcing that the patch addressed a severe vulnerability.
WordPress version 4.7.2 was released on January 26 as a security update, but the accompanying release notes mentioned only fixes for three moderate risk vulnerabilities, one of which did not even affect the platform’s core code.
On Wednesday, a week later, the WordPress security team disclosed that a fourth vulnerability, much more serious than the others, was also patched in version 4.7.2.
To read this article in full or to leave a comment, please click here
WordPress silently fixes dangerous code injection vulnerability
No comments:
Post a Comment