Top Navigation

Archive | January, 2016

Vulnerabilities in WP Core and Four Plugins

Here’s a round up of security issues in WordPress this month.  January 6th saw a WordPress core security update. Upgrade immediately to version 4.4.1 of WordPress core if you haven’t already.

The vulnerability that WordPress 4.4.1 fixes is a cross site scripting or XSS vulnerability. The Automattic team did not release details of the vulnerability in the announcement, but the patch was reverse engineered by several security teams and they used the code change to come up with a proof of concept exploit. The exploit has also been posted on twitter. The result is that the exploit for this security issue is now in the wild so it’s very important that you update asap.

The following plugins also had vulnerabilities reported and in most cases, fixed, this month:

If you need assistance with upgrading WordPress or any of these plugins then contact Reliable Penguin by email to or on the web at