Saturday, May 09, 2015

Another WordPress XSS vulnerability; please update!

Another vulnerability was recently discovered in WordPress which affects a large number of OCF web hosting users. The vulnerability can potentially allow a malicious person to hijack your session and compromise your website.

All users should update immediately to the latest version of WordPress. Version 4.2.2 (i.e. the latest version) is the only version we consider safe.

Updating WordPress is extremely easy; it's just a single click after logging in to the admin panel.

Recent versions of WordPress come with automatic updates enabled for minor releases, which can help to protect you from future vulnerabilities. We strongly recommend not disabling this feature!
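For anyone with several WordPress installs, the following sketch reports which ones are older than 4.2.2 and which have background core updates switched off in `wp-config.php`. It is an added example, not OCF tooling or code from the original post; the function names and the sample directory tree are constructed for illustration, and it assumes `wp-config.php` sits in the install directory itself.

```python
import re
import tempfile
from pathlib import Path

SAFE_VERSION = (4, 2, 2)  # the only version the post considers safe
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)
# Uncommented wp-config.php lines that switch off background core updates.
DISABLED_RE = re.compile(
    r"""^\s*define\(\s*['"](?:AUTOMATIC_UPDATER_DISABLED['"]\s*,\s*true"""
    r"""|WP_AUTO_UPDATE_CORE['"]\s*,\s*false)\s*\)""", re.I | re.M)

def parse_version(text):
    m = VERSION_RE.search(text)
    if not m:
        return None  # unreadable version file: treated as outdated below
    parts = [int(n) for n in re.findall(r"\d+", m.group(1).split("-")[0])[:3]]
    return tuple(parts + [0] * (3 - len(parts)))  # "4.2" -> (4, 2, 0)

def audit(root):
    """Return one finding per WordPress install found under root."""
    findings = []
    for vfile in sorted(Path(root).rglob("version.php")):
        if vfile.parent.name != "wp-includes":
            continue
        site = vfile.parent.parent
        config = site / "wp-config.php"  # assumption: config sits in the install dir
        cfg = config.read_text(errors="replace") if config.is_file() else ""
        version = parse_version(vfile.read_text(errors="replace"))
        findings.append({
            "site": site.name, "version": version,
            "outdated": version is None or version < SAFE_VERSION,
            "auto_updates_disabled": bool(DISABLED_RE.search(cfg)),
        })
    return findings

def build_sample(root):
    """Constructed sample tree with two fake installs (not real sites)."""
    for name, ver, cfg in [
        ("blog-old", "4.1.1", "define('WP_AUTO_UPDATE_CORE', false);\n"),
        ("blog-new", "4.2.2", "define('DB_NAME', 'example');\n"),
    ]:
        site = Path(root) / name
        (site / "wp-includes").mkdir(parents=True)
        (site / "wp-includes" / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        (site / "wp-config.php").write_text("<?php\n" + cfg)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit(tmp), sep="\n")
```

To check real sites, call `audit()` on the directory that contains them instead of the sample tree.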

If we've contacted you and you need help updating your site, please don't hesitate to get in touch so that we can help!

We will be emailing affected users in the near future and offering to upgrade WordPress on their behalf. If you'd like us to not do this, please confirm that either (a) you have updated it yourself, (b) you've removed WordPress entirely, or (c) you'd like to close your OCF account.

Thanks for your help!