WordPress 4.0.1 Security Release – San Francisco

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don't support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these 8 security issues:

  • 3 cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
  • An extremely unlikely hash collision could allow a user's account to be compromised, that also required that they haven't logged in since 2008 (I wish I were kidding). Reported by David Anderson.
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.

Version 4.0.1 also fixes 23 bugs with 4.0, and we have made 2 hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.0.1 or venture over to Dashboard → Updates and simply click “Update Now”.

Already testing WordPress 4.1? The second beta is now available (zip) and it contains these security fixes. For more on 4.1, see the beta 1 announcement post.


Cogknockers is a San Francisco WordPress Development Agency with 20+ Years Experience.  WordPress Design is at the core of our services.
