WordPress versions 4.5, 4.5.1 and 4.5.2 are not secure, update your sites immediately
WordPress latest version 4.5.3 has been released on June 21, 2016. This is a security release of wordpress as all previous versions are affected by several security issues.
WordPress Security and maintenance team found 17 more bugs in wordpress versions 4.5, 4.5.1 and 4.5.2. Team members have reported issues related to various functionalities and rectify them and provide more security to its latest version.
In this release total 33 wordpress core files have been modified to rectify the issues. List of few resolved issues in this release are as follows :
- Unauthorized category removal from a post
- Password change via stolen cookie
- Revision history information disclosure
- Redirect bypass in the customizer
- Two different XSS problems via attachment names
- oEmbed denial of service
- Some less secure sanitize_file_name edge cases
To know the complete list of modified files and lists of bugs that have been rectified, visit the official website here.
I strongly recommend to update your wordpress websites immediately to make them secure. Some websites are having automatic update enabled, they have been updated automatically. But those who have disabled this automatic update feature are recommended to update it on priority basis by :
- Click on “Update Now” option from dashboard which update wordpress to your latest version automatically.
- Go to Admin Dashboard => Updates and click on “Update Now” button to update it automatically.
- Go for manual update.
As we know that hackers always look for the outdated versions to attack, So we should update wordpress on regular basis to make it more secure.