( source : http://threatpost.com/wordpress-update- ... ty/116128/ )WordPress a écrit :This is a security release for all previous versions & we strongly encourage you to update now!
The update pushed out on Tuesday addresses two main issues. Until yesterday an attacker could have potentially carried out a Server-Side Request Forgery (SSRF) attack that could have made it appear that the server was sending certain requests, possibly bypassing access controls. The update also fixes an open redirect vulnerability that in the CMS.
The update also fixes 17 other bugs that existed in 4.4 & 4.4.1, like parameters that were ignored, SQL errors, & incorrect ordering. Per usual, users can apply the updates manually through their site's Dashboard or download the latest version directly. Dashboard → Updates & simply click "Update Now."
→ https://wordpress.org/news/2016/02/word ... e-release/
Rappel : WPScan permet de vérifier vos installations via une base de vulnérabilités connues.