WordPress issues security fixes, advises “update your sites immediately

Mega-popular blogging and content management system WordPress has just put out version 3.6.1.

Since it’s a maintenance release (an update from 3.6), it doesn’t have a huge raft of new features, but it does fix three security holes.

One of them is a Remote Code Execution vulnerability reported by a young Belgian web application security researcher named Tom Van Goethem.

Now that the fix is out, Van Goethem has published a very detailed description of the bug and the steps he went through to uncover it.

SOURCE: nakedsecurity.sophos.com

Information Security Buzz