Word Press Archives - https://cvtfradio.net/category/wordpress/ Conscious Vibrations from terra firma radio Sun, 23 Dec 2018 13:28:46 +0000 en-US hourly 1 WordPress 5.0.2 is here https://cvtfradio.net/2018/12/wordpress-5-0-2-is-here/?utm_source=rss&utm_medium=rss&utm_campaign=wordpress-5-0-2-is-here Sun, 23 Dec 2018 13:24:48 +0000 https://cvtfradio.net/?p=3400   WordPress 5.0.2 is now available! 5.0.2 is a maintenance release that addresses 73 bugs. The primary focus of this release was performance improvements in the block editor: the cumulated performance gains make it 330% faster for a post with 200 blocks. Here are a few of the additional highlights: 45 total Block Editor improvements […]

The post WordPress 5.0.2 is here appeared first on .

]]>

 

WordPress 5.0.2 is now available!

5.0.2 is a maintenance release that addresses 73 bugs. The primary focus of this release was performance improvements in the block editor: the cumulated performance gains make it 330% faster for a post with 200 blocks.

Here are a few of the additional highlights:

For a full list of changes, please consult the list of tickets on Trac or the changelog.

You can download WordPress 5.0.2 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

Thank you to everyone who contributed to WordPress 5.0.2:

The post WordPress 5.0.2 is here appeared first on .

]]> WordPress 4.2.4 Security and Maintenance Release https://cvtfradio.net/2015/08/wordpress-4-2-4-security-and-maintenance-release/?utm_source=rss&utm_medium=rss&utm_campaign=wordpress-4-2-4-security-and-maintenance-release Tue, 04 Aug 2015 19:21:05 +0000 https://www.cvtfradio.net/?p=2920 WordPress 4.2.4 Security and Maintenance Release  Posted August 4, 2015 by Samuel Sidler. Filed under Releases, Security. WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that […]

The post WordPress 4.2.4 Security and Maintenance Release appeared first on .

]]> WordPress 4.2.4 Security and Maintenance Release
 Posted August 4, 2015 by Samuel Sidler. Filed under Releases, Security.

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.

Already testing WordPress 4.3? The second release candidate is now available (zip) and it contains these fixes. For more on 4.3, see the RC 1 announcement post.

The post WordPress 4.2.4 Security and Maintenance Release appeared first on .

]]> WordPress 4.2.2 Security and Maintenance Release https://cvtfradio.net/2015/05/wordpress-4-2-2-security-and-maintenance-release/?utm_source=rss&utm_medium=rss&utm_campaign=wordpress-4-2-2-security-and-maintenance-release Tue, 12 May 2015 22:04:03 +0000 https://www.cvtfradio.net/?p=2885 WordPress 4.2.2 Security and Maintenance Release Posted May 7, 2015 by Samuel Sidler. Filed under Releases, Security. WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. Version 4.2.2 addresses two security issues:   The Genericons icon font package, which […]

The post WordPress 4.2.2 Security and Maintenance Release appeared first on .

]]> WordPress 4.2.2 Security and Maintenance Release

WordPress-logoPosted May 7, 2015 by Samuel Sidler. Filed under Releases, Security.

WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Version 4.2.2 addresses two security issues:

 

  • The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker.
  • WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi from Baidu[X-team].

The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.2 also contains fixes for 13 bugs from 4.2. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.

Thanks to everyone who contributed to 4.2.2:

The post WordPress 4.2.2 Security and Maintenance Release appeared first on .

]]> WordPress 4.2.1 released new patch https://cvtfradio.net/2015/04/wordpress-4-2-1-released-new-patch/?utm_source=rss&utm_medium=rss&utm_campaign=wordpress-4-2-1-released-new-patch Mon, 27 Apr 2015 21:48:29 +0000 https://www.cvtfradio.net/?p=2364 WordPress 4.2.1 Released to Patch Comment Exploit Vulnerability Sarah Gooding April 27, 2015 4 photo credit: Will Montague – cc This morning we reported on an XSS vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an attacker to compromise a site via its comments. The security team quickly patched the vulnerability and released […]

The post WordPress 4.2.1 released new patch appeared first on .

]]>

WordPress 4.2.1 Released to Patch Comment Exploit Vulnerability

4
photo credit: Will Montague - cc
photo credit: Will Montaguecc

This morning we reported on an XSS vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an attacker to compromise a site via its comments. The security team quickly patched the vulnerability and released 4.2.1 within hours of being notified.

WordPress’ official statement on the security issue:

The WordPress team was made aware of a XSS issue a few hours ago that we will release an update for shortly. It is a core issue, but the number of sites vulnerable is much smaller than you may think because the vast majority of WordPress-powered sites run Akismet, which blocks this attack. When the fix is tested and ready in the coming hours WordPress users will receive an auto-update and should be safe and protected even if they don’t use Akismet.

That auto-update is now being rolled out to sites where updates have not been disabled. If you are unsure of whether or not your site can perform automatic background updates, Gary Pendergast linked to the Background Update Tester plugin in the security release. This is a core-supported plugin that will check your site for background update compatibility and explain any issues.

Since Akismet is active on more than a million websites, the number of affected users that were not protected is much smaller than it might have been otherwise.

WordPress 4.2.1 is a critical security release for a widely publicized vulnerability that you do not want to ignore. Users are advised to update immediately. The background update may already have hit your site. If not, you can update manually by navigating to Dashboard → Updates.

The post WordPress 4.2.1 released new patch appeared first on .

]]> Critical Vulnerability in popular WordPress themes https://cvtfradio.net/2014/12/critical-vulnerability-popular-wordpress-themes/?utm_source=rss&utm_medium=rss&utm_campaign=critical-vulnerability-popular-wordpress-themes Sat, 27 Dec 2014 21:37:37 +0000 https://www.cvtfradio.net/?p=2029

Hackers exploit critical vulnerability in popular WordPress theme component WordPress admins should check if their sites use the Slider Revolution plug-in and update it immediately, researchers said By Lucian Constantin | 04 September 14. Attackers are actively exploiting a critical vulnerability in a WordPress plug-in that’s used by a large number of themes, researchers from […]

The post Critical Vulnerability in popular WordPress themes appeared first on .

]]>

Hackers exploit critical vulnerability in popular WordPress theme component WordPress admins should check if their sites use the Slider Revolution plug-in and update it immediately, researchers said By Lucian Constantin | 04 September 14.

Attackers are actively exploiting a critical vulnerability in a WordPress plug-in that’s used by a large number of themes, researchers from two security companies warned Wednesday.

The vulnerability affects versions 4.1.4 and older of Slider Revolution, a commercial WordPress plug-in for creating mobile-friendly content display sliders. The flaw was fixed in Slider Revolution 4.2 released in February, but some themes — collections of files or templates that determine the overall look of a site — still bundle insecure versions of the plug-in.

The vulnerability can be exploited to execute a local file inclusion (LFI) attack that gives hackers access to a WordPress site’s wp-config.php file, researchers from Web security firm Sucuri said in a blog post. This sensitive file contains database access credentials that can be used to compromise the whole site, the researchers said.

The post Critical Vulnerability in popular WordPress themes appeared first on .

]]> Web Security Issues https://cvtfradio.net/2014/10/web-security-issues/?utm_source=rss&utm_medium=rss&utm_campaign=web-security-issues Fri, 03 Oct 2014 09:49:57 +0000 http://spotlight.themerex.net/?p=1801

A serious vulnerability in the WP eCommerce Plugin was announced within the last 24 hours (321st Oct 2014) . A fix has been released and some hosting companies are already auto-upgrading customers to the newest version. Upgrade to 3.8.14.4 of WP eCommerce immediately if you use this plugin. Please spread the word because with almost […]

The post Web Security Issues appeared first on .

]]>

A serious vulnerability in the WP eCommerce Plugin was announced within the last 24 hours (321st Oct 2014) . A fix has been released and some hosting companies are already auto-upgrading customers to the newest version.

Upgrade to 3.8.14.4 of WP eCommerce immediately if you use this plugin. Please spread the word because with almost 3 million downloads this is a very popular plugin.

Details on our blog…

The post Web Security Issues appeared first on .

]]> Modern Cars CAN Be Hacked Remotely From Any Where On Earth — Senator Markey https://cvtfradio.net/2014/08/modern-cars-can-be-hacked-remotely-from-any-where-on-earth-senator-markey/?utm_source=rss&utm_medium=rss&utm_campaign=modern-cars-can-be-hacked-remotely-from-any-where-on-earth-senator-markey Wed, 06 Aug 2014 11:49:38 +0000 http://localhost/spot/?p=1123 The gadget that can hack any CAR – Terrifying £12 tool can remotely control headlights, locks, steering and even brakes   Gadget is fitted to the Controller Area Network (CAN) of a modern car Depending on the make of car, the CAN controls lights, locks and brakes Hackers claim it can be fitted to any […]

The post Modern Cars CAN Be Hacked Remotely From Any Where On Earth — Senator Markey appeared first on .

]]> The gadget that can hack any CAR – Terrifying £12 tool can remotely control headlights, locks, steering and even brakes

Diagram of the computer electronics in a car that can be hacked from anywhere

 

Gadget is fitted to the Controller Area Network (CAN) of a modern car

Depending on the make of car, the CAN controls lights, locks and brakes

Hackers claim it can be fitted to any car’s network ‘within five minutes’

CAN Hacking Tool (CHT) runs malicious code into the car’s system

Researchers in the U.S. previously hacked the software in a Toyota Prius

By Victoria Woollaston Dailymail.co.uk

Published: 13:36, 6 February 2014 | Updated: 12:14, 8 May 2014

We found this on investmentwatchblog.com

The post Modern Cars CAN Be Hacked Remotely From Any Where On Earth — Senator Markey appeared first on .

]]>