Urgent WordPress Upgrade Alert

Did you enjoy this article?
YesNo
Sharing Options:
Estimated Reading Time: < 1 Minute
Rate this post

This post was originally published on February 6, 2017
The latest update to this post was made 7 years ago.

Urgent WordPress Upgrade AlertUrgent WordPress Upgrade Alert

For those running WordPress to host their blogs/website, please be aware a recent vulnerability has been discovered on WordPress v4.7.1 and older that allows remote execution of some SQL commands.  Attackers can use this exploit to trash your articles/blog!  The fix is quit simple, just make sure everything is up to date, especially WordPress itself!

Released from the Department Of Homeland Security on 1-29-2017

Issue
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before v4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.

Resolution
Login to your WordPress site and run updates on any plugins, themes and WordPress itself.  You should be running WordPress v4.7.2 or higher to correct this vulnerability.

We just experienced this vulnerability in action on one of our other websites.  The attacker was able to replace one of our articles with Turkish hacker garbage.  Recovery was fairly simple, just track down to the bottom of your post and restore an earlier version.

Tags: #wordpress #techsupport #security #website #hosting

Loading

Sharing Options:
Did you enjoy this article?
YesNo
This article, also on Blog Encounters, may be of interest:  File Uploads Stop Around 25-30mb In IIS7/7.5/8/8.5

Be the first to comment

Leave A Reply