WordPress Core Update 4.7.2

Our WordPress site has been updated to version 4.7.2

From WordPress.org

WordPress versions 4.7.1 and earlier are affected by three security issues:

  1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
  2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
  3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.

To view the changes, click here.


WordPress Core Update 4.7

Our WordPress site has been updated to version 4.7

From WordPress.org

Version 4.7 of WordPress, named “Vaughan” in honor of legendary jazz vocalist Sarah “Sassy” Vaughan, is available for download or update in your WordPress dashboard. New features in 4.7 help you get your site set up the way you want it.

To view the changes, click here.


WordPress Core Update 4.6.1

Our WordPress site has been updated to version 4.6.1

From WordPress.org

WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.

To view the changes, click here.


WordPress Core Update 4.6

Our WordPress site has been updated to version 4.6

From WordPress.org

Version 4.6 of WordPress, named “Pepper” in honor of jazz baritone saxophonist Park Frederick “Pepper” Adams III, is available for download or update in your WordPress dashboard. New features in 4.6 help you to focus on the important things while feeling more at home.

To view the changes, click here.


WordPress Core Update 4.5.3

Our WordPress site has been updated to version 4.5.3

From WordPress.org

WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen from the Wordfence Research Team; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team; and some less secure sanitize_file_name edge cases reported byPeter Westwood of  the WordPress security team.

To view the changes, click here.


WordPress Core Update 4.5.2

Our WordPress site has been updated to version 4.5.2

From WordPress.org

WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.

To view the changes, click here.


WordPress Core Update 4.5.1

Our WordPress site has been updated to version 4.5.1

From WordPress.org

This release fixes 12 bugs, chief among them a singular class issue that broke sites based on the Twenty Eleven theme, an incompatibility between certain Chrome versions and the visual editor, and an Imagick bug that could break media uploads. This maintenance release fixes a total of 12 bugs in Version 4.5. For more information, see the release notes or consult the list of changes.

To view the changes, click here.


WordPress Core Update 4.5

Gwynedd Mercy University’s WordPress blog has been updated to version 4.5. If you notice any issues with your blog, please contact IT by phone at #21444 or by email at it@gmercyu.edu.

About WordPress 4.5 from WordPress.org

Version 4.5 of WordPress, named “Coleman” in honor of jazz saxophonist Coleman Hawkins, is available for download or update in your WordPress dashboard. New features in 4.5 help streamline your workflow, whether you’re writing or building your site.

To view more about version 4.5, click here

 


WordPress 4.4.2 Update

WordPress 4.4.2 Security and Maintenance Release


WordPress Update 4.4.1

WordPress 4.4.1 Security and Maintenance Release