WordPress 4.2.1 released to fix critical security issues
Earlier today we posted about a critical XSS vulnerability in WordPress. WordPress 4.2.1 has been released to address these issues. We urge all customers to update as soon as possible.
Critical 0 day XSS WordPress vulnerability
A critical crosss site script (xss) bug has been found in WordPress. As of this posting there is no know patch. This post at Securi gives you the details. The ‘short’ version is that it affects comments. We’d suggest disabling comments in WordPress until a patch is issued.
Magento Unauthenticated RCE
A serious RCE (remote code execution) vulnerability has been discovered in Magento. The vulnerability exists in 1.9.1.0 CE and 1.14.1.0 EE (the latest version as of this writing). Full details of the vulnerability can be found on the Check Point web site. We urge all customers running Magento to apply patch SUPEE-5344.
WordPress 4.1.2 Security Release
WordPress version 4.1.2 is now available and we strongly suggest that all customers upgrade. This is a critical security release for all previous versions of WordPress. Full version can be found at the WordPress 4.1.2 blog post.
WP Super Cache XSS Security Update
A security advisory for WP Super Cache has been issued ( http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html ). The issue has been address by the developer and a new version has been released. This is a very popular cache plugin, so update as soon as possible if you use the plugin.
Monthly Uptime Statistics – March 2015
Overall uptime for the month of March 2015 was 99.976%. 21 of 28 servers had 100% uptime.