WordPress Security is really important, so don’t sleep on this video. A critical flaw in the past 6 years of WordPress core releases is finally patched. To get the patch you’ll have to update to WordPress 5+.
If you’re concerned about the update, you can copy your site to a staging area, make the update and see if anything breaks. If nothing goes wrong, it should be safe to update.
But make sure you make full backups of your site and database first, just in case.
From TheHackerNews.con: If you have not updated your website to the latest WordPress version 5.0.3, it’s a brilliant idea to upgrade the content management software of your site now. I mean immediately.
Cybersecurity researchers at RIPS Technologies GmbH today shared their latest research with The Hacker News, revealing the existence of a critical remote code execution vulnerability that affects all previous versions of WordPress content management software released in the past 6 years.
The remote code execution attack, discovered and reported to the WordPress security team late last year, can be exploited by a low privileged attacker with at least an “author” account using a combination of two separate vulnerabilities—Path Traversal and Local File Inclusion—that reside in the WordPress core.