New WordPress 4.9.2 Security and Maintenance Release

WordPress has just released a new maintenance/security update which impacts all the WordPress version since WordPress 3.7.

It has been found that there is a security vulnerability in Flash Fallback, a media element included in older versions of the WordPress library. Now it has been removed from WordPress and the new update Version 4.9.2 will no longer contain it.

WordPress 4.9.2 will also cover fixes for a handful of smaller bugs found in the 4.9.1 release series. These fixes include JavaScript errors that prevented saving posts and the ability to restore previous widget assignments when switching themes, among other 21 bug fixes.

As a client of Ezone, no action is required at your end. We have already updated your site and you can be sure that you now have the secured version running.

If your site is not maintained by Ezone, we recommend that you update your site immediately. Be sure to backup your current WordPress site first and then simply go to Dashboard >> Updates >> Update Now to proceed with the update to WordPress 4.9.2.

Update to WordPress 4.8.3 Now

WordPress 4.8.3 has just been released and if you haven’t upgraded your WordPress website yet, then you should do so as soon as possible.

Version 4.8.3 is an important security update that will fix a serious programming flaw that can potentially expose WordPress-powered websites to the possibility of being attacked and hijacked by hackers by means of injecting malicious SQL database commands.

The bug, CVE-2017-14723, was discovered and reported by security researcher Anthony Ferrara in September. The WordPress core is not affected, the vulnerability lies in WPDB, a set of functions used to talk to the WordPress database, and its ability to include sprint tokens.

The vulnerable functionality was first found in version 4.8.1. WordPress version 4.8.2, which included fixes for many bugs, was supposed to address this flaw. However, according to Ferrara, version 4.8.2 only dealt with “a narrow subset of the potential exploits” and didn’t actually fix the root issue.

In version 4.8.2 and earlier, the buggy code, $wpdb->prepare(), can create unexpected and unsafe queries and potentially allow malicious SQL injection. The newly-released WordPress 4.8.3 security update addresses this flaw by changing the behavior of the esc_sql() function and hardening it to protect it from attacks via plugins and themes.

How to Update to WordPress 4.8.3

If you are a client of Ezone, you needn’t do anything as we have already upgraded you to WordPress version 4.8.3. You can log in to your website as you normally do and be assured that your website is protected from this security threat.

If you wish to upgrade to WordPress 4.83 yourself, follow these steps:

    1. Check first what version of WordPress your site is using. Go to the Dashboard, look in the ‘At a Glance’ panel:
    2. Download the latest version of WordPress 4.83 from the WordPress website, or go to Updates in the Dashboard and choose “Update now.”

This website uses cookies OK Thanks