WordPress Security Threats – Jul/2013

July was an extremely quiet month for Sucuri’s blog of security alerts, with the only mention being Dissecting a WordPress Brute Force Attack. But as always, I appreciate all of their updates and critical alerts to help keep the community informed.

Similarly, July was a quiet month for Packstorm Security as well. Here is what they had for WordPress security threats.

While overall number-wise a quiet month, there were two big items that should be noted: WooCommerce 2.0.12 XSS and WordPress 3.5.1 XSS.

WordPress 3.6 was announced on August 1st, so if you haven’t upgraded, you should verify your works, is backed up, and upgrade. You should note that WordPress 3.6 is not security release, but a major version, so a feature release. But as with any release of WordPress, numerous bugs were fixed along the way — but nothing that requires immediate upgrading outside of WordPress 3.5.1.