• Resolved here

    (@here)


    Hi all!

    The 4.1.2 official announcement is light on detail about the “critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.”

    The code changes are surely helpful, though I’m not sure which is the critical patch.

    The broad add_query_arg() XSS announcement from a day earlier may be related?

    Is someone able to provide pointers to more detail, conversation, or risk assessment? Specifically, do any of the recommended WordPress hardening strategies mitigate the risk, such as limiting access to wp-admin paths?

    Thank you for any additional detail.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    Details are purposefully light for a few days after the public announcement, to keep folks safe as the updates are pushed out.

    Hardening strategies help protect your site in general, though really the best way to protect your site from this vulnerability is to upgrade to 4.1.2.

    Thread Starter here

    (@here)

    Thank you James.

    Moderator James Huff

    (@macmanx)

    You’re welcome!

  • The topic ‘4.1.2 security release detail’ is closed to new replies.