WordPress 4.4.2: Quick-fixes for SSRF & Open Redirect Security trouble


There is good news for WordPress users: the WordPress team has released version 4.4.2.

The earlier WordPress version 4.4.1 was affected by two security issues: Server-Side Request Forgery (SSRF) for local URLs and an open redirection attack.

The new version also addresses 17 bugs that existed in 4.4 and 4.4.1, including SQL errors and incorrect ordering that had previously been ignored. These 17 bugs are not security vulnerabilities.

The best thing about the latest version is that there are no complex technical details involved in the two security issues. The WordPress team has announced patches for the SSRF bug and the open redirect issue.

Now we are going to discuss the two fixes in detail:

  • An SSRF vulnerability lets an attacker make the server send requests on their behalf, giving them access to the internal network or the local server. An attacker can easily insert malicious code into the site content. The released patches fix the SSRF issue.
  • An open redirection vulnerability allows an attacker to send a user to a WordPress site using a URL containing a parameter that redirects them to another site. Through this, an attacker can send a victim to a malicious site by making the link appear to point to a non-malicious site.
  • The release of version 4.4.2 also fixes 17 other bugs that are not security vulnerabilities.
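
The two checks described above, sketched as an added example in Python; this is not WordPress's patch or code from the WordPress project. The allow-listed host `blog.example.com`, the fallback path and all function names are assumptions made for the illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_REDIRECT_HOSTS = {"blog.example.com"}  # constructed allow-list
FALLBACK = "/"                                  # where rejected redirects land

def _split(url):
    """urlsplit that returns None instead of raising on malformed input."""
    try:
        return urlsplit(url)
    except ValueError:
        return None

def resolve_all(host):
    """Every address the host name resolves to (numeric forms included)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_internal(addr):
    """True for loopback, private, link-local and other non-public addresses."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return True  # unparseable: fail closed
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_reserved or ip.is_multicast)

def safe_fetch_target(url, resolver=resolve_all):
    """SSRF check: http(s) only, and no resolved address may be internal."""
    parts = _split(url)
    if not parts or parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = resolver(parts.hostname)
    except OSError:
        return False
    return bool(addrs) and not any(is_internal(a) for a in addrs)

def safe_redirect(target):
    """Open-redirect check: keep local paths and allow-listed hosts only."""
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return FALLBACK  # browsers normalise backslashes and control characters
    parts = _split(target)
    if parts and not parts.scheme and not parts.netloc:
        # "//host" and "///host" look relative but browsers treat them as absolute.
        ok = target.startswith("/") and not target.startswith("//")
        return target if ok else FALLBACK
    if parts and parts.scheme in ("http", "https") and parts.hostname in ALLOWED_REDIRECT_HOSTS:
        return target
    return FALLBACK
```

The fetch check is only as good as the connection that follows it: the request should go to an address that was checked, since a second DNS lookup can return a different answer.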

As for updating and patching existing installations, users can conveniently apply the update manually through the Dashboard on their site. Alternatively, users can download the latest version directly.