We request all our Customers and followers to upgrade your Wordpress website to version 4.0 and above as there a dangerous XSS vulnerability has just been identified in WordPress versions prior to 4.0. Through this critical cross-site scripting vulnerability, hackers can take control of full administration rights of your website through the comments section. Wordpress therefore has released an urgent update, addressing this bug and 7 others and recommend the site admins to update to WordPress 4.0.1 at the earliest. Sites that support automatic background updates will not be affected. Wordpress has also updated in their blog that the Version 4.0.1 also fixes 23 bugs with 4.0, and that they have made two hardening changes, including better validation of EXIF data extracting from uploaded photos.
XSS vulnerability in Wordpress – Upgrade now
417
previous post