WordPress silently fixes dangerous code injection vulnerability

Developers of the widely used WordPress content management system released an update last week, but intentionally delayed announcing that the patch addressed a severe vulnerability.

WordPress version 4.7.2 was released on January 26 as a security update, but the accompanying release notes only mentioned fixes for three moderate risk vulnerabilities, one of which did not even affect the platform’s core code.

On Wednesday, a week later, the WordPress security team disclosed that a fourth vulnerability, much more serious than the others, was also patched in version 4.7.2.

To read this article in full or to leave a comment, please click here

Read more: WordPress silently fixes dangerous code injection vulnerability

Story added 2. February 2017, content source with full text you can find at link above.