===========================================================================
AUSCERT Security Bulletin

ASB-2018.0012
A vulnerability has been identified in WordPress
17 January 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              WordPress
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Cross-site Scripting -- Existing Account
Resolution:           Patch/Upgrade
Member content until: Friday, February 16 2018

OVERVIEW

A vulnerability has been identified in WordPress prior to version 4.9.2. [1]

IMPACT

WordPress have provided the following details regarding the vulnerability:

"An XSS vulnerability was discovered in the Flash fallback files in
MediaElement, a library that is included with WordPress. Because the Flash
files are no longer needed for most use cases, they have been removed from
WordPress." [1]

MITIGATION

The vendor strongly encourages users to update to the latest version. [1]

REFERENCES

[1] WordPress 4.9.2 Security and Maintenance Release
    https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================