New WordPress and Joomla Updates Available

  • August 1, 2013

If you are a WordPress or Joomla user, you better start updating your sites now.

Joomla 2.5.14

Joomla 2.5.14 was released containing some critical security fixes. They didn’t provide much details, but by the summary is seems serious enough to allow users to bypass upload restrictions:

Project: Joomla!
Severity: Critical
Versions: 2.5.13 and earlier 2.5.x versions. 3.1.4 and earlier 3.x versions.
Exploit type: Unauthorised Uploads
Reported Date: 2013-June-25
Fixed Date: 2013-July-31
Description: Inadequate filtering leads to the ability to bypass file type upload restrictions.

More information on Joomla 2.5.14 update here: http://developer.joomla.org/security/news/563-20130801-core-unauthorised-uploads

WordPress 3.6

WordPress 3.6 (a major release) was also announced with multiple new features and bug fixes. It doesn’t have any specific security fix, but keeping your site updated is a must, so we recommend all users to update.

More information on WordPress 3.6 is available here: http://codex.wordpress.org/Version_3.6

We recommend upgrading as soon as possible to reduce the risk of issue. Make sure you test your upgrades in a development environment before you go hot.

If you have any questions, feel free to drop an email.

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

1 comment

Comments are closed.

Related Categories
You May Also Like