College of Engineering |

DECS

wordpress-logo-stacked-rgb.png

If you maintain a website in WordPress, please be aware of these new issues fixed since March 6, 2017 and upgrade:

WordPress versions 4.7.2 and earlier are affected by six security issues:

  1. Cross-site scripting (XSS) via media file metadata.
  2. Control characters can trick redirect URL validation.
  3. Unintended files can be deleted by administrators using the plugin deletion functionality.
  4. Cross-site scripting (XSS) via video URL in YouTube embeds.
  5. Cross-site scripting (XSS) via taxonomy term names.
  6. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

For more information and procedures, please see Related Links.

Security category