We encourage all of our clients who uses the popular web-based blogging tool WordPress to update the soonest. This is in relation to the discovery of a security flaw in versions 4.2.2 and earlier.
More detail on the the official wordpress website:https://wordpress.org/news/2015/07/wordpress-4-2-3/
Users on the said versions allow cross-site scripting to take over the site even with a contributor or author role. The cross-site scripting (XSS) attacks allow a script kiddie or hacker or any malicious users to embed malicious code in a website's own coding system. Credit to the internal members of WordPress' security team who discovered the flaw.
Update Now! The said update also fixes a total of 20 flaws, including one where it "was possible for a user with Subscriber permissions to create a draft through Quick Draft."
Your Technical Support Team!
Friday, July 24, 2015