Posted on - 12/24/2014
Which is the latest WordPress version that has been released to date? What vulnerabilities have been covered in the latest release? What are the additional features provided by the new version? The earlier versions were exposed to XSS attacks. Have these been taken care of? What is a cross-site request forgery and what are its implications?
Does the latest WordPress release solve the issues in the earlier versions?
The latest WordPress version, 4.1, was released on December 17, 2014. WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability. Any anonymous user can compromise the site because of this cross-site scripting vulnerability. Version 4.0.1 has solved some of the security issues:
1. Three cross-site scripting issues – In these issues, a contributor or author could be used to compromise a site.
2. A cross-site request forgery – It could be used for tricking a user into changing their password.
3. Whenever a password gets checked, there is a denial of service.
4. Additional protections for server-side request forgery attacks when WordPress makes any HTTP requests.
New things included in the latest WordPress version:
1. In the “At a Glance” section, it just shows the number of approved comments instead of the total of all comments.
2. Site Language: Install translations on the General Settings screen. The language drop down now includes installed languages and all available translations.
3. Admin notices: There are now four types of notices: success (green), warning (orange), error (red), and info (blue).
4. On the edit post screen, spellchecking has been enabled for the post title field.
5. Admin menu separators are now hidden.
6. In the media manager, they have improved keyboard control of Edit Selection mode.
7. On the custom header and custom background screens, they have improved keyboard accessibility.
8. Improved text contrast against dark backgrounds in the admin menu and toolbar.