WordPress Update 5.1.1 Critical Vulnerability Fix

php_test_blog

With JungleWP your Sites are already running on the latest version of PHP, and we made the transition could be made smoothly. So you have the peace of mind that your site is always up to date and secured.


We have updated your sites to WordPress 5.1.1 Security and Maintenance Release


4 days earlier WordPress 5.1.1 was released to the general public! This is mainly a security and maintenance release that introduces new fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.

This release includes in addition a pair of security fixes that handle how comments are filtered and then stored in the database. Some of our clients will remember our security preventive email that we sent mentioning that our heuristics vulnerability scanners identified several malicious vulnerabilities among which we identified a way to compromise a site trough WordPress comments and some plugins with cross-site scripting.

Well the good news is that the community identified those same vulnerabilities in WordPress versions 5.1 and earlier, which are now fixed in version 5.1.1.

Props to Simon Scannell of RIPS Technologies who discovered this flaw independent of some work that was being done by members of the core security team. Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave time to fix them before WordPress sites could be attacked.

Other highlights of this release include:

  •  Hosts can now offer a button for their users to update PHP.
  • The recommended PHP version used by the “Update PHP” notice can now be filtered.
  • Several minor bug fixes.

Plugins and themes compatibility

As much as we are putting our clients needs at the forefront of our innovation, with ease to use and simplicity as the cornerstone of our technology, we are also constantly making our environment developer friendly. With JungleWP, no matter if you are a developer or not, you will always find the best tools to make the most out of your WordPress site.

With this vision in mind, we made sure to maximize compatibility with Themes and Plugins. We know that in many case outdated or old Plugins and Themes, can cause many issues due to the new changes introduced in the latest versions of PHP.

Thanks to the PHPCompatibility Project and Contributors we have made a debugging tool available to help you identify critical errors and help you get the right support from your Themes and Plugins authors.

Note that this plugin will only work for JungleWP users, as we added compatibility checks for environments running on PHP 7.3 and 7.4. You can download the latest version in the following link, it will automatically detect the PHP versions available for your site and let you run scans for each versions.

Article by JungleWP

Leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.