Folks who don’t have RealBasics service contracts need to patch their WordPress sites.
On the other hand, if you’re already one of our service customers, your software’s already updated and your site is secure.
Here’s the warning from the good folks at WordFence:
WordPress Vulnerability: WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role. More info available on the National Cyber Awareness System: CVE-2014-0165
WordPress Vulnerability: The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie. More info available on the National Cyber Awareness System: CVE-2014-0166
What to do about the above: Make sure you are running the newest version of WordPress, version 3.8.2.
The post also warns of a vulnerability in the TwitGet plugin. If you use it you’ll want to upgrade that too. Or have us do it for you.
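To check an install against the version ranges quoted above, here is an added example (not from WordFence or the original post). It reads `$wp_version` from the text of `wp-includes/version.php`; the function names and the sample file content are constructed for illustration.

```python
import re

# Fixed releases, from the advisory text quoted above:
# "before 3.7.2 and 3.8.x before 3.8.2".
FIXED_37 = (3, 7, 2)
FIXED_38 = (3, 8, 2)

_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""")

# Constructed sample, shaped like wp-includes/version.php.
SAMPLE_VERSION_PHP = """<?php
$wp_version = '3.8.1';
"""


def parse_wp_version(php_source):
    """Extract the $wp_version string from the text of version.php."""
    match = _VERSION_RE.search(php_source)
    if match is None:
        raise ValueError("no $wp_version assignment found")
    return match.group(1)


def version_tuple(version):
    """Turn '3.8' or '3.8.1' into a 3-tuple of ints.

    Suffixes such as '-RC1' are ignored, so a pre-release build is
    treated as its release number.
    """
    numeric = re.match(r"\d+(?:\.\d+)*", version)
    if numeric is None:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in numeric.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    """True if the version falls in the ranges the advisory lists."""
    v = version_tuple(version)
    if v[:2] == (3, 8):
        return v < FIXED_38   # 3.8.x before 3.8.2
    return v < FIXED_37       # everything before 3.7.2


if __name__ == "__main__":
    found = parse_wp_version(SAMPLE_VERSION_PHP)
    print(found, "needs patching" if is_affected(found) else "is patched")
```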
Of course we do more than keep your website up to date. We keep it backed up, run multiple security scans, give you access to premium plugins and themes at no extra cost, keep an eye on your server and database performance, and provide up to an hour of consulting, training, and even post scheduling and gallery management! Give us a call.