The first of them being an SSRF (Server Side Request Forgery). A server-side request forgery is what allows an attacker to access or attack the internal network or local server that WordPress is installed on. It sort of goes around your firewall.
The second security issue that was addressed is that there was an open redirection bug. this allows the attacker to send a user using one of the attacker’s URLs to another site. It is a way of performing phishing attacks in that you will think you are heading for one site and arrive at a completely different one.
Should you be Scared of Getting a WordPress website?
Some people who were thinking about getting a WordPress site for themselves may be put off because of reports like this, but remember, that 20% of the world’s websites are produced using WordPress. They can’t all be wrong!
There is a vast community of WordPress users who spend time daily improving the quality, usability, and security of this platform. A custom built website won’t get anywhere near the number of attacks a WordPress site will, but as there is only one person/team who worked on that website’s production you have a much greater chance of loopholes being left in the code. Also in most cases, when the build is finished they are gone!
Popular CMS’s such as WordPress
Personally, I ( NO1 SEO Ireland) prefer working with the popular CMS’s because of this, and also there is a wealth of experience that can be drawn on as part of a community. If there is a problem I never met before or a hoop I haven’t jumped through I can be sure to find the answer through an online search or on one of the forums where people are happy to help.
I won’t be surprised if I get a few custom builds shouting about the benefits ( and there are plenty if you can afford them)
But back to my main point – please update your WordPress website to version 4.4.2 —– after backing it up first!!!!
Have a GOOD ONE!
No1 SEO Ireland