WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a maintenance and security release for all WordPress versions since 3.7, and you need to update your websites immediately.

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.9.1 Security Release

WordPress 4.9.1 is now available. This is a security release for all previous versions since WordPress 3.7, and it is strongly recommended that you update your websites immediately.

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.8.3 Security Release

WordPress 4.8.3 is now available. This is a security release for all previous versions, and you must update your websites immediately.

WordPress versions 4.8.2 and earlier are affected by an issue where unexpected and unsafe queries can lead to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but special hardening has been added to prevent plugins and themes from accidentally causing a vulnerability.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 became available today. This is a security release for all previous versions, and you need to update your websites immediately. The update fixes 9 security issues.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 became available today. The new version addresses 6 security issues affecting WordPress 4.7.4 and earlier releases. It also includes 3 maintenance fixes to the 4.7 release series.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.7.3 Security and Maintenance Release

WordPress 4.7.3 became available today. This is a security release for all previous versions and it’s strongly recommended to update your sites immediately. The new version addresses six security issues that may put your website at risk of being hacked.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.7.2 Security and Maintenance Release

WordPress 4.7.2 became available today. This is a security release for all previous versions and it’s strongly recommended to update your sites immediately. The new version addresses three security issues that may put your website at risk of being hacked.

While WordPress.org already started automatic background updates that do not require you to do anything it may take some time for them to get to your website. If it does not update automatically today, do it yourself (if you are confident enough) or contact Dusk Owl for help.

WordPress 4.7.1 Security and Maintenance Release

WordPress.org today announced the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and it’s strongly recommended to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues that may put your website at risk of being hacked.

While WordPress performs such releases automatically, it takes time to do it from their end. After all, WordPress powers millions of websites. If your site has not been updated automatically today, do it yourself if you are confident enough or contact us for help.