More WordPress Updates, More Problems

Did you know there is a new update of WordPress available?

Frankly, I could say that every month and almost never be wrong, much like a broken clock is right twice a day. But this time it's least you'd better hope so, WordPress users.

If you're skeptical, don't take my word for what a disaster WordPress is; simply read their WordPress 4.0.1 Security Release. Understand that these security holes could potentially affect millions of sites. It sounds as bad - if not worse - than the side effects of Chantix. Fortunately, we don't use WordPress, so we haven't experienced difficult or labored breathing, feeling sad or empty, anger, anxiety, or hallucinations because none of us use WordPress or Chantix. But if we did...

We'd be scrambling to fix a mess. Did you know that as of Nov. 24, 2014, fully 86% of WordPress websites in existence are vulnerable to a four-year-old comment security bug? According to

The vulnerability, discovered by Jouko Pynnonen of Klikki Oy, allows an attacker to craft a comment on a blog post that includes malicious JavaScript code. On sites that allow comments without authentication—the default setting for WordPress—this could allow anyone to post malicious scripts within comments that could target site visitors or administrators. A proof of concept attack developed by Klikky Oy was able to hijack a WordPress site administrator’s session and create a new WordPress administrative account with a known password, change the current administrative password, and launch malicious PHP code on the server. That means an attacker could essentially lock the existing site administrator out and hijack the WordPress installation for malicious purposes. 

Good luck WordPress user, you're going to need it.

Want more WordPress vitriol? Read WordPress: A Hot Mess, the original in a series.