
WordPress 4.4.1 Security Release

Discussion in 'Blogs & CMS usage' started by eva2000, Jan 7, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    WordPress 4.4.1 is out with security fixes for a cross-site scripting vulnerability that can compromise WordPress blog sites: WordPress › WordPress 4.4.1 Security and Maintenance Release!


     
  2. eva2000

    WPScan was updated to detect this cross-site scripting vulnerability too: Wordpress - How to install WPScan Vulnerability Scanner for Wordpress | Centmin Mod Community!

    Code:
    ruby wpscan.rb --url http://wordpress7.centminmod.com
    _______________________________________________________________
            __          _______   _____                 
            \ \        / /  __ \ / ____|                
             \ \  /\  / /| |__) | (___   ___  __ _ _ __ 
              \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
               \  /\  /  | |     ____) | (__| (_| | | | |
                \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    
            WordPress Security Scanner by the WPScan Team
                           Version 2.9
              Sponsored by Sucuri - https://sucuri.net
       @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
    _______________________________________________________________
    
    [+] URL: http://wordpress7.centminmod.com/
    [+] Started: Wed Jan  6 21:20:54 2016
    
    [+] robots.txt available under: 'http://wordpress7.centminmod.com/robots.txt'
    [+] Interesting entry from robots.txt: http://wordpress7.centminmod.com/wp-admin/
    [+] Interesting header: LINK: <http://wordpress7.centminmod.com/wp-json/>; rel="https://api.w.org/"
    [+] Interesting header: SERVER: nginx centminmod
    [+] Interesting header: X-CACHE: HIT
    [+] Interesting header: X-CACHE-2: BYPASS
    [+] Interesting header: X-POWERED-BY: centminmod
    [+] This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)
    [+] XML-RPC Interface available under: http://wordpress7.centminmod.com/xmlrpc.php
    
    [+] WordPress version 4.4.1 identified from advanced fingerprinting
    
    [+] Enumerating plugins from passive detection ...
    | 1 plugin found:
    
    [+] Name: wp-super-cache - v1.4.7
    |  Latest version: 1.4.7 (up to date)
    |  Location: http://wordpress7.centminmod.com/wp-content/plugins/wp-super-cache/
    |  Readme: http://wordpress7.centminmod.com/wp-content/plugins/wp-super-cache/readme.txt
    
    [+] Finished: Wed Jan  6 21:20:58 2016
    [+] Requests Done: 42
    [+] Memory used: 53.578 MB
    [+] Elapsed time: 00:00:03
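
An added example, not part of the original posts and not WPScan's own code: a small parser that reads the WPScan 2.9 text report format shown above and reports whether the fingerprinted core is at or past 4.4.1, plus any plugin whose installed version differs from the listed latest. The names `triage`, `vtuple` and `FIXED_CORE` and the trimmed sample report are assumptions constructed for illustration.

```python
import re

# Constructed sample: a few lines trimmed from the report format in the post above.
SAMPLE = """\
[+] URL: http://wordpress7.centminmod.com/
[+] WordPress version 4.4.1 identified from advanced fingerprinting
[+] Name: wp-super-cache - v1.4.7
|  Latest version: 1.4.7 (up to date)
"""

FIXED_CORE = (4, 4, 1)  # release the thread says carries the XSS fix

URL_RE = re.compile(r"^\[\+\] URL: (\S+)")
CORE_RE = re.compile(r"^\[\+\] WordPress version (\d+(?:\.\d+)*) identified")
PLUGIN_RE = re.compile(r"^\[\+\] Name: (\S+)(?: - v(\S+))?")
LATEST_RE = re.compile(r"^\|\s+Latest version: (\S+)")


def vtuple(version):
    """'4.4' -> (4, 4, 0), so 4.10 sorts above 4.4.1 (string compare would not)."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def triage(report):
    """Return url, core version, patch status and plugins that are not at latest."""
    out = {"url": None, "core": None, "core_patched": None, "outdated_plugins": []}
    plugin = None  # (name, installed_version) of the plugin block being read
    for raw in report.splitlines():
        line = raw.strip()  # forum paste indents every line
        if m := URL_RE.match(line):
            out["url"] = m.group(1)
        elif m := CORE_RE.match(line):
            out["core"] = m.group(1)
            out["core_patched"] = vtuple(m.group(1)) >= FIXED_CORE
        elif m := PLUGIN_RE.match(line):
            plugin = (m.group(1), m.group(2))  # version is None if not detected
        elif (m := LATEST_RE.match(line)) and plugin:
            if plugin[1] != m.group(1):
                out["outdated_plugins"].append((plugin[0], plugin[1], m.group(1)))
            plugin = None
    # core_patched stays None when the scan could not fingerprint a version,
    # which should be treated as "check by hand", not as "patched".
    return out


if __name__ == "__main__":
    print(triage(SAMPLE))
```
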