[SingCERT] Alert on Security Vulnerability in Older Versions of WordPress

Published on Friday, 03 November 2017 11:11


A vulnerability in WordPress has been uncovered in versions 4.8.2 and earlier. Users of this popular free and open source content management system (CMS) are strongly urged to update to the latest version of WordPress, version 4.8.3, as soon as possible.
Affected Software

WordPress versions prior to 4.8.3.

A remote attacker could exploit this vulnerability to obtain sensitive information, modify web contents resulting in defacement, or execute arbitrary code to perform a variety of malicious tasks.

SingCERT recommends that website owners or hosting providers managing WordPress CMS to update to version 4.8.3 immediately.
Websites that support automatic background updates are already being updated to WordPress 4.8.3. Otherwise, users can visit https://wordpress.org/download/ to get the latest security release of WordPress or go to Dashboard → Updates and simply click “Update Now.”