Website Security Checkup – May 2017

Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.

WordPress & Joomla Release Summary

May 2017

WordPress

Current release: 4.7.5NEW SECURITY RELEASE – Release date: May 16, 2017

More WordPress info

Quick overview of v4.7.5:

This release contains 6 security fixes and 3 maintenance fixes. The security issues are:

  • Insufficient redirect validation in the HTTP class.
  • Improper handling of post meta data values in the XML-RPC API.
  • Lack of capability checks for post meta data in the XML-RPC API.
  • A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog.
  • A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
  • A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

More Details on v4.7.5

Next scheduled release: 4.8, June 8, 2017

Joomla

Current release: 3.7.2NEW – Release date: May 23, 2017

Previous release: 3.7.1SECURITY RELEASE – Release date: May 17, 2017

More Joomla info

Quick overview of release 3.7.2:

  • This release fixes some bugs in file mime checks, module page filtering as well as some other bugs and several other minor improvements.

More Details on v3.7.2

Quick overview of release 3.7.1:

  • This release address a critical security issue as well as several bugs.
  • Security issue fixed is: High Priority – Core – SQL Injection (affecting Joomla! 3.7.0)

More Details on v3.7.1

Next scheduled release: 3.8.0, 3rd Quarter 2017

SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.

Tags: ,

Trackback from your site.

Leave a comment