Monday, December 01, 2014

WordPress XSS vulnerability; please update!

A vulnerability was recently discovered in WordPress which affects a large number of OCF web hosting users. The vulnerability can potentially allow a malicious person to hijack your session and compromise your website.

All users should update immediately to the latest version of WordPress. Versions 3.9.3, 3.8.5, 3.7.5, 4.0.0, 4.0.1 are unaffected by this vulnerability, but we highly advise to always use the latest version.

Updating WordPress is extremely easy; it's just a single click after logging in to the admin panel.

Recent versions of WordPress come with automatic updates enabled for minor releases, which can help to protect you from future vulnerabilities. We strongly recommend not disabling this feature!

If we've contacted you and you need help updating your site, please don't hesitate to get in touch so that we can help!