corenominal

Full stack web developer, interested in all the things, but especially the web, code, design, Linux, OS X, PHP, WordPress, JavaScript & robots.

Ignorance is Bliss? An Enormous WordPress Zero-Day has Been Secretly Fixed image/svg+xml

WordPress 4.7.2 fixed the issue, but it was a “silent patch”. The fix was hidden within other issues in order to give everyone time to patch their systems.

At the time of 4.7.2’s release details of the flaw were kept secret, as the security community raced to ensure that as many sites were protected as possible as Aaron Campbell explained in a WordPress blog post.

Sounds like a rather nasty flaw, so it’s understandable that a “silent patch” was applied.

UPDATE: More detailed information available here.

Leave a comment

Your email address will not be published. Required fields are marked *