Major Vulnerability Wordpress 3.8.1 and 3.7.1 - Upgrade Mandatory

General

Wordpress, one of the most widespread CMS’es in the world, has recently released a new version in order to close a vulnerability which allows attackers unauthorized access to your environment.

When a user logs into Wordpress so-called ‘authentication cookies’ are created and placed on your computer. These authentication cookies contain information regarding the user and authentication and are used for providing access. However, it now seems those authentication cookies can be forged by an attacker, thereby granting full access to your environment.

The new Wordpress version, 3.8.2, contains a patch for this vulnerability. If you have Wordpress 3.8.1 or lower then we strongly recommend updating your installation to version 3.8.2 as soon as possible.

If you are still on Wordpress 3.7.1 then please update to version 3.7.2 which contains the same patch.

For more information about this vulnerability please see here: http://wordpress.org/news/2014/04/wordpress-3-8-2/

If you have any questions regarding this blogpost or would like additional support from us, please send an e-mail to support@cloudvps.com.