Several security vulnerabilities in earlier versions of WordPress have been discovered today. The most critical vulnerability what was discovered exists within WordPress versions 3.0-3.9.2 in which an attacker can potentially exploit your site using only a well-placed comment on your site and will allow execution of code as your administrator user when reviewed.

Although the most critical vulnerability is not present in WordPress 4.0, several other less critical vulnerabilities that can cause some sites to become compromied have been detected within WordPress 4.0. WordPress has released version 4.0.1 which resolves these issues.

Who is affected?

If you are running a version of WordPress less than the latest (4.0.1), you are vulnerable to potential attack. While the most severe vulnerability residers in 3.9.2 or earlier, 4.0 users are still vulnerable to an extent and should update immediately.

How can I protect myself?

Updating your WordPress installation immediately to the latest version (4.0.1) will resolve these issues.

More information:

WordPress 4.0.1 security release announcement

WPScan Vulnerability database

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Need More Help?

Help Center Search

Current Customers

Email: Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.