Well, another release of WordPress is out in the wild – this one being a small security and maintenance release – which aims to fix a number of relatively significant security issues with previous versions of WordPress. These issues include a cross-site scripting (XSS) attack vector in media files, a URL redirection validation issue, accidental deletion of important files associated with plugin removal (ouch), two further XSS vectors via YouTube embeds and taxonomy term names, and finally a cross-site request forgery (CSRF) issue in the ‘Press This’ function, related to the WordPress Press This bookmarklet.
In addition, there are 39 further maintenance fixes since the previous version, which was, mind you, only released at the end of January. These developers work hard to ensure that WordPress is nice and secure, and the least we can do is ensure that all of our sites are kept up to date and running the latest and greatest software.
What a big scary list! Well, on the surface it is… but in reality, these issues are probably already patched if you’re running a WordPresto Managed site! We’ve likely taken care of these updates, depending on your update frequency, and you can get back to worrying about what matters – your content, and your customers.