
WordPress fixes a zero-day flaw introduced with its 4.2 update


WordPress updates have accelerated in recent days, going from version 4.2 to version 4.2.1, with the recommendation to switch to the latest revision, which fixes an important security flaw.

It was Finnish security researcher Jouko Pynnönen who discovered a zero-day flaw in WordPress 4.2, the CMS adopted by millions of websites around the world.

The flaw allowed an attacker to inject JavaScript code through comments and thus execute code remotely by installing a backdoor. The researcher also demonstrated this in a video.

WordPress was contacted urgently, reacted quickly and deployed a patch. As a reminder, version 4.2 of WordPress brought new tools in Press, support for new characters and the arrival of emojis.