WordPress Update 4.9.2 – Fix for XSS Vulnerability and 21 Other Bugs

A new WordPress update (4.9.2) was released yesterday, covering a fix for an XSS vulnerability and 21 other bugs. The vulnerability resides in the Flash fallback files of the MediaElement plugin. It impacts all WordPress versions since WordPress 3.7.

The Flash fallback is part of the MediaElement library bundled with WordPress, and it has now been removed from WordPress. MediaElement has also released a new version of the plugin that contains the bug fix.

The update also includes 21 other bug fixes; refer to the Codex page for all the issues fixed in WordPress update (4.9.2).

XSS is a very commonly exploited vulnerability type that is widespread and easily detectable. An attacker can inject untrusted snippets of JavaScript into your application when that input is not validated. This JavaScript is then executed in the browser of the victim who visits the target site.

Mitigations

WordPress update (4.9.2) has been released with the security patches; users are recommended to update their sites immediately.

WordPress Update

WordPress update (4.9.2) contains 21 maintenance fixes to the 4.9.1 release series. Updating is simple: Dashboard >> Updates >> Update Now.

It is always a good idea to back up your WordPress site before proceeding with the update; if there are any issues, you can restore your website.
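To confirm on disk that the update took effect, the script below (an added example, not part of the original article and not WordPress tooling) reads the installed core version, compares it with 4.9.2, and lists any Flash files still present anywhere in the tree, including copies of MediaElement shipped by plugins or themes. It assumes the core version is defined as `$wp_version` in `wp-includes/version.php`; the function names and exit codes are choices made for this example.

```shell
#!/bin/sh
# Added example (not WordPress tooling). Usage: sh wp-audit.sh /path/to/wordpress
FIXED_VERSION="4.9.2"   # release the article names as carrying the fix

# Print the core version. Assumption: core defines $wp_version in wp-includes/version.php.
wp_version() {
    sed -n "s/^[\$]wp_version[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Succeed when dotted version $1 is lower than $2. Missing fields count as 0;
# a non-numeric suffix such as "-beta" is ignored.
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        xa=${va%%.*}; xa=${xa%%[!0-9]*}
        xb=${vb%%.*}; xb=${xb%%[!0-9]*}
        if [ "${xa:-0}" -lt "${xb:-0}" ]; then return 0; fi
        if [ "${xa:-0}" -gt "${xb:-0}" ]; then return 1; fi
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 1
}

# List Flash (.swf) files anywhere under the tree, including plugin and theme copies.
find_flash_files() {
    find "$1" -type f -name '*.[sS][wW][fF]' 2>/dev/null | sort
}

# Return 0 when patched and clean, 1 when action is needed, 2 when the version is unreadable.
audit_wp() {
    ver=$(wp_version "$1")
    if [ -z "$ver" ]; then echo "UNKNOWN: no version found under $1"; return 2; fi
    status=0
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "OUTDATED: core $ver is older than $FIXED_VERSION"; status=1
    fi
    flash=$(find_flash_files "$1")
    if [ -n "$flash" ]; then
        echo "FLASH FILES PRESENT (review or remove):"; echo "$flash"; status=1
    fi
    if [ "$status" -eq 0 ]; then echo "OK: core $ver, no Flash files found"; fi
    return "$status"
}

if [ "$#" -gt 0 ]; then audit_wp "$1"; fi
```

A listed `.swf` file is not proof of a vulnerable component; it marks a file to check against the plugin or theme that ships it.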

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
