Wordpress: Unauthenticated Privilege Escalation Vulnerability

Update your website now...

Popular blogging platform Wordpress has disclosed a security vulnerability in site versions 4.7 and 4.7.1 released in the end of 2016. The exploit has been used to reportedly hack over 1.5 million Wordpress sites.

Gulf human rights activists, journalists and bloggers often use Wordpress as a platform to publish information and voice their opinions. The vulnerability could be used to hack into and deface websites set up by critical users.

Wordpress has admitted to the flaw in a blog post published earlier this month and has released a fix in version 4.7.2 released on 26 January 2017. The update was published over the Wordpress autoupdate system which means many Wordpress sites were updated automatically to fix the issue. However, if you use Wordpress, you might still be vulnerable if your website has not been updated to fix the security flaw.

Follow these steps to check that you are on the latest version of Wordpress:

1) Ensure that you haved backed up your website beforehand.

2) Sign into your Wordpress Admin Dashboard. Wordpress will usually notify you when a new version is available in the Admin Area. If a notification prompts that an update is available, click on "Please Update Now" and then follow the instructions given.

3) If no notification is available, it is likely that your website was automatically updated. To check this, click on "Updates" in the left panel.

4) In the updates page, underneath "Wordpress Updates", check if your website is running version 4.7.2. Version 4.7.2 is the latest update released on 26 January 2017 with a patch for the security flaw.

5) If your website is not running version 4.7.2, click on "check again".

6) The page should prompt an available update of version 4.7.2. Click on "Update now" to install the update.

7) You can also click on "Upgrade Automatically" to ensure future updates are installed as soon as they are available.

Contact the AmanaTech team if you have any questions about this alert.