WordPress Pushes Out Multiple Flawed Security Updates

2020-11-02 17:41

The day after WordPress pushed out a critical 5.5.2 security update, patching a remote code execution bug and nine additional flaws, it was forced push out a second update and then a third 5.5.3 update.

The hiccup is tied to the WordPress auto-update feature that accidentally started sending 455 million websites a WordPress update that caused new WordPress installs to fail.

WordPress users expressed dismay and confusion that the multiple sites they managed began displaying the message "BETA TESTERS: This site is set up to install updates of future beta versions automatically" on their admin console.

Another WordPress administrator identified as pcdeveloper pointed out that, "This is a serious security concern as a rogue developer could push out malicious code in an update that nobody else checks".

WordPress does allow users to disable auto-updates both for major or just minor maintenance and security updates.

News URL

https://threatpost.com/wordpress-flawed-security-updates/160849/

#security #wordpress

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		7	2	95	44	18	159

News URL

Related news

Related vendor