WordPress 4.5.3 security update

From the WordPress 4.5.3 release notes, WordPress versions 4.5.2 and earlier are affected by several security issues:

  • Redirect bypass in the customizer, reported by Yassine Aboukir
  • Two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati.
  • Revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen
  • oEmbed denial of service reported by Jennifer Dodd from Automattic
  • Unauthorized category removal from a post, reported by David Herrera from Alley Interactive
  • Password change via stolen cookie, reported by Michael Adams from the WordPress security team
  • and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.

WordPress 4.5.3 also fixes 17 bugs from 4.5, 4.5.1 and 4.5.2:

  • #35657 Image height calculation not always available on body.load
  • #36379 Saving post can remove its hierarchical terms if user cannot
  • #36531 Default image size medium_large is not generated
  • #36533 Doesn’t work browse media libary on Frontend
  • #36590 POST[‘nav-menu-data’] breaks other POST
  • #36637 Inline linking inserts `_wp_link_placeholder`
  • #36660 WP_Customize_Widgets::preview_sidebars_widgets() can return false
  • #36708 Silence ini_set() in wp_debug_mode() if WP_DEBUG is off
  • #36748 Updating tables to utf8mb4 causes some columns to change type
  • #36749 Customizer wont load: issue with site-icon control
  • #36767 oEmbed performance optimisation
  • #36793 Customizer doesn’t load in IE8
  • #36838 Invalid argument supplied for foreach() in /wp-includes/theme-compat/embed-content.php
  • #36861 The Insert into post button in the Edit Image window doesn’t work.
  • #36876 TinyMCE: inline toolbars don’t adjust position
  • #36892 Update jQuery migrate to 1.4.1
  • #36900 Media grid AttachmentsBrowser arrows navigation and restoreFocus()

Moscow, Russia: CloudFlare’s 83rd data center

Cloudflare did come to Moscow, Russia and announces the newest addition in the largest country in the world (by footprint), increasing both our data center and city count to 83. Moscow is not only the capital and largest city in Russia.

Russia is also home to several Internet exchanges which CloudFlare now participates at:

This raises the number of exchanges that CloudFlare is a participant of to over 120, making Cloudflare one of the top interconnected networks in the world.

More locations are still to come as Cloudflare keeps expanding their network.

Denver, CloudFlare’s 82nd Data Center

Hello Colorado, Denver is CloudFlare’s tenth data center in the United States, and the 82nd data center globally.
By adding more Datacenters Cloudflare improves regional web performance within the USA.

CloudFlare participates at two major internet exchanges in Denver: Any2 Denver and IX-Denver.

Other Cloudflare locations within the USA

Denver joins CloudFlare’s existing United States data centers in Ashburn, Chicago, Dallas,Los Angeles, Miami, Minneapolis, Phoenix, San Jose, and Seattle.

Cloudflare states they have another ten North American cities in the works. So keep an eye on our blog for more details.

 

BRU – Brussels, Belgium

Our week starts with the announcement that CloudFlare did put their 81st data center online in Brussels, This is the 23rd data center in Europe alone, and the 81st data center globally for Cloudflare – providing additional redundancy to nearby facilities in Amsterdam and Paris.

Millions of websites using CloudFlare are now faster in Brussels, and CloudFlare now exchanges traffic at the Belgium National Internet Exchange (BNIX).

This week CloudFlare will announce two more cities Moscow, Russia and Manila, Philippines ; more information follows when those facilities are officially announced.

 

Perth – Australia – Cloudflare’s 80th DC

040Hosting is excited to announce the launch of CloudFlare’s newest data center in Perth, Australia. This expands the CloudFlare’s global network to span 80 unique cities across 41 countries, and is the fourth data center in the Oceania region, joining existing data centers in Sydney, Melbourne and Auckland.

CloudFlare now has data centers in cities beginning with most letters:

A: Amsterdam, Ashburn, Atlanta, Auckland
B: Bangkok, Berlin, Bucharest, Buenos Aires
C: Cairo, Chengdu, Chennai, Chicago, Copenhagen
D: Dallas, Doha, Dongguan, Dubai, Dublin, Dusseldorf
F: Frankfurt, Foshan, Fuzhou
G: Guangzhou
H: Hamburg, Hangzhou, Hengyang, Hong Kong
J: Jiaxing, Johannesburg
K: Kiev, Kuala Lumpur, Kuwait City
L: Langfang, Lima, London, Luoyang, Los Angeles
M: Madrid, Manchester, Marseille, Medellin, Melbourne, Miami, Milan, Minneapolis,Mombasa, Montreal, Mumbai, Muscat
N: Nanning, New Delhi, Newark
O: Osaka, Oslo
P: Paris, Perth, Phoenix, Prague
Q: Qingdao
S: San Jose, Sao Paulo, Seattle, Seoul, Shenyang, Shijiazhuang, Singapore, Sofia, Stockholm,Sydney
T: Taipei, Tianjin, Tokyo, Toronto
V: Valparaiso, Vancouver, Vienna
W: Warsaw
X: Xi’an
Z: Zhengzhou, Zurich

Pfew that are a lot of cities and countries which got a lot faster thanks to Cloudflare.

WP Mobile Detector Vulnerability Being Exploited in the Wild

Please note that a vulnerability has been found in the WP Mobile Detector script used by many WordPress users.

This issue has now been patched according to Sucuri. Please make sure you update your wordpress if you use WP Mobile Detector;

Also if you do not use the WP Mobile Detector Script please make sure you update your WordPress plugins regularly.

Want to know more about the WP Mobile Detector Vulnerability, please read the full Sucuri blog about this issue.