AskCyberSecurity.com

Cyber Security News & Information

AskCyber Home » News » News » Feds Warn WordPress Sites Vulnerable to Security Bugs

Feds Warn WordPress Sites Vulnerable to Security Bugs

by

WordPress Update Security Bugs

Update WordPress Websites Now to Patch Security Bugs

Note: We may earn a commission from products or services when you click on a link and make a purchase.

The US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued a security bulletin regarding two WordPress security bugs. CISA recommends that website owners running WordPress protect their sites immediately by updating to the latest version.

The current, secure version is WordPress 5.7.1. This version is a short-cycle security and maintenance release meaning the updates cannot wait until the next planned stable upgrade which will be WordPress 5.8.

CISA encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.7.1.” says the CISA bulletin.

Two security issues affect WordPress versions between 4.7 and 5.7.

  • A security bug involving XML external entity injection within the WordPress media library affecting only PHP 8. The ability to load external entities is disabled.
  • A data exposure vulnerability within the REST API. To fix this WordPress has added extra security measures to restrict access to password protected posts.

The update also fixes 26 other glitches like improved buttons layout and admin pointer arrow border color.

All WordPress versions since 4.7 are also updated with this patch.

READ Feds Launch Cyber Education Website for K-12 Schools

What is CISA?

The Cybersecurity and Infrastructure Security Agency is a United States federal agency based in Virginia. The agency operates as part of the National Protection and Programs Directorate.

Our Most Popular Cyber Security Training Courses

What is WordPress?

WordPress is a content management system (CMS) running about 40 percent of the world’s websites. Once thought of as a basic platform for use by bloggers, WordPress is behind some of almost 15 percent of the world’s top websites like eBay, Sony, GM, UPS, Forbes, CNN, Reuters, The NYT, Samsung, and IBM.

It can be customized with the addition of themes and plugins. WordPress even has eCommerce customizations all available as plugins.

Code is open source and built on PHP and MySQL.

“Because this is a security release, it is recommended that you update your sites immediately,” says the official WordPress release informational page.

WordPress core, themes, and plugins can all be set to take automatic updates. This makes maintenance easier and less time consuming. However automatic updates run the risk Evan countering theme and plugin conflicts that may go unnoticed.

PinTalk.net WordPress

How Update to WordPress 5.7.1

If you need tell instructions on how to update to the most secure version of WordPress follow our tutorial on how to update WordPress. You will need admin permissions to upgrade your site. you may also need to upgrade all your plugins and themes as well.

WordPress website owners and site admins can easily update to WordPress 5.7.1 from withing the admin area of their website. Alternatively, a fresh copy of WordPress can be downloaded from the official repository.

Both upgrade options are always free of charge.

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers