AllmäntBloggHemsidaIT-SäkerhetNyheterSäkerhetSkadlig kodWebbdesignWebbfabrikenWebbhotellWordpress

WordPress 4.2.2 is released with security patch and bugfixes

Inlägget har lästs 37159 gånger

WordPress has released a new version (again) and latest version is 4.2.2.
This release has 13 bugfixes and a fix for the latest XSS vulerability fix.

One important fix is the example.html file that WordPress provided in their three default themes Twentyfifteen, Twentyfourteen and Twentythirteen, containing the genericons package. That file can be used to do DOM-based XSS exploit and could be used to execute javascript code in your browser and take over the site if you are logged into wp-admin.

I recommend you to update your WordPress installation as soon as possible or at least remove the following file:

* wp-content/themes/twentythirteen/genericons/example.html
* wp-content/themes/twentyfourteen/genericons/example.html
* wp-content/themes/twentyfifteen/genericons/example.html

In addition to the security fixes, WordPress 4.2.2 contains fixes for 13 bugs from 4.2.1, including:

– Fixes an emoji loading error in IE9 and IE10
– Fixes a keyboard shortcut for saving from the Visual editor on Mac
– Fixes oEmbed for YouTube URLs to always expect https
– Fixes how WordPress checks for encoding when sending strings to MySQL
– Fixes a bug with allowing queries to reference tables in the dbname.tablename format
– Lowers memory usage for a regex checking for UTF-8 encoding
– Fixes an issue with trying change the wrong index in the wp_signups table on utf8mb4 conversion
– Improves performance of loop detection in _get_term_children()
– Fixes a bug where attachment URLs were incorrectly being forced to use https in some contexts

Comments (1)

  1. Thanks for the helpful article. The previous version of the WordPress, update 4.2.1 was meant to specifically address the XSS vulnerability within the WP core. However, the developers rushed the Zero-Day exploit fix and failed to fully address the security issues. Now, they’ve patched further security holes. For a quick summary on what WordPress 4.2.2 is about, I found this article helpful:

Comment here