WordPress Update

An important security update was released for WordPress Core this week when version 3.9.2 was made available to patch a possible denial of service issue in PHP’s XML processing.

In addition, several other vulnerabilities were patched. The release:

  • Fixes a possible but unlikely code execution when processing widgets.
  • Prevents information disclosure via XML entity attacks in the external GetID3 library.
  • Adds protections against brute-force attacks against CSRF tokens.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

All ESC! Technologies Group clients who subscribe to one of our WordPress Maintenance plans have been updated to this new release — there is nothing you need to do at this point.

All other WordPress users should update their installations as soon as possible.

For more information: https://wordpress.org/news/2014/08/wordpress-3-9-2/

WordPress Plugins

The Gmedia Gallery plugin version 1.2.1 contains a serious shell upload vulnerability.

No ESC! Technologies Group clients have been affected by this vulnerability; however, anyone else using the Gmedia Gallery plugin should upgrade immediately.