Folks who don’t have RealBasics service contracts need to patch their Wordpress sites.

On the other hand if you’re already one of our service customers your software’s already updated and your site is secure.

Here’s the warning from the good folks at WordFence

WordPress Vulnerability: WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role. More info available on the National Cyber Awareness System: CVE-2014-0165

WordPress Vulnerability: The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie. More info available on the National Cyber Awareness System: CVE-2014-0166

What to do about the above: Make sure you are running the newest version of WordPress, version 3.8.2.

The post also warns of a vulnerability in the TwitGet plugin.  If you use it you’ll want to upgrade that too. Or have us do it for you.

Of course we do more than keep your website up to date.  We keep it backed up, run multiple security scans, give you access to premium plugins and themes at no extra cost, keep an eye on your server and database performance, and provide up to an hour of consulting, training, and even post scheduling and gallery management!  Give us a call.

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmail

David Innes, RealBasics.com

I've been building and maintaining websites since 1997 and building and supporting similar hypertext-driven software since 1987. I've done maintenance, support, and maintenance for physical and digital systems since 1981. And no, I still haven't seen it all but by now I usually know where to look. More about David Innes...