The anti-hacking team at WordPress has released a critical security update which patches up a vulnerability allowing third parties to take control of a website.
The potential hack was discovered by the WordPress community and patched hours later - but the fix won’t happen automatically for all sites, so anyone with a WordPress-based site should update to the new version WordPress 4.2.1.
A WordPress spokesman said yesterday:
“A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen. WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.”
Hydra Creative appreciates WordPress’s speedy response to the hacking issue and assures clients with WordPress support packages the updates will be completed as part of their agreement.
For clients without a support agreement, please upgrade your WordPress accordingly or contact us to discuss support.