Vulnerability in a WordPress plugin that is avoided with an update
A vulnerability has been discovered in the Advanced Custom Fields plugin, which comes in a free version and a premium version. Anyone using this plugin is advised to update it to 6.1.6 as soon as possible. The vulnerability, named CVE-2023-30777, allows cross-site scripting (XSS), in which executable scripts are injected into websites that use the plugin.
This is a widely used plugin, active on more than 2 million websites worldwide according to The Hacker News. Vulnerabilities cannot be predicted and can turn up even in popular and well-used plugins.
We recommend that you contact your IT manager or the person/persons who built the website as soon as possible to check whether you are using this plugin on your site.
WordPress 6.2 is the latest version and was released in March 2023. This release focuses on an improved user interface and a more efficient editing experience.
It is important to keep track of when new versions are released if you want to ensure that your site functions optimally and remains secure. As long as you don’t have an outdated version, updating is not a must, but there are many advantages to having the latest version. Security updates, performance improvements and bug fixes are just some of these.
Improvements in the new version
WordPress 6.2 includes a lot of new improvements. These are:
- Site Editor is no longer beta and has many new improvements.
- Among other things, it is easier to manage different templates in the Site Editor.
- Distraction-free mode is now available when an admin creates their content.
- The navigation block has received improvements for better user-friendliness.
- Copy & Paste of Block Styles is now available.
- Patterns have redesigned graphics for increased clarity and ease of use.
- WordPress now supports Openverse.
- Gutenberg has received several small updates. 10 Gutenberg releases have been merged into WP 6.2.
It is important to know that not all improvements can be applied to all websites, and some may therefore not be relevant to your particular site.
This is how you see your current version
It’s easy to see what versions you have on your WordPress site and on your plugins.
- For the WordPress version: enter the administration view. The version is shown in several places, for example at the bottom of every page in the backend, in the bottom right corner, or in the summary box on the dashboard.
- For plugin versions: enter the administration view and click on Plugins. You will then see a list of all your plugins and the version of each.
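For sites where you have shell access, the same check can be done from the file system. The script below is an added example, not part of the original article or the plugin's own code. It reads the version header of Advanced Custom Fields and compares it with 6.1.6. It assumes the default `wp-content/plugins` location, the folder names `advanced-custom-fields` and `advanced-custom-fields-pro`, and the main file `acf.php`; the script name `check_acf.sh` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): flag ACF installs older than 6.1.6.
FIXED_VERSION="6.1.6"   # version the advisory says to update to

# Print the "Version:" value from a plugin's main-file header comment.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*/\1/p' "$1" | head -n 1
}

# Succeed (exit 0) when dotted version $1 is older than $2; compares field by field.
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}      # drop suffixes such as "-beta1"
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 1                                   # equal versions are not "older"
}

# Check one WordPress root; prints "<slug> <version> UPDATE|OK" per ACF copy found.
# Assumed layout: wp-content/plugins/<slug>/acf.php for the free and PRO plugins.
check_acf() {
    for slug in advanced-custom-fields advanced-custom-fields-pro; do
        file="$1/wp-content/plugins/$slug/acf.php"
        [ -f "$file" ] || continue
        ver=$(plugin_version "$file")
        if [ -z "$ver" ]; then echo "$slug unknown CHECK-MANUALLY"
        elif version_lt "$ver" "$FIXED_VERSION"; then echo "$slug $ver UPDATE"
        else echo "$slug $ver OK"
        fi
    done
}

# Constructed sample: a throwaway tree with made-up plugin headers, for a dry run.
build_sample_site() {
    root=$(mktemp -d); p="$root/wp-content/plugins"
    mkdir -p "$p/advanced-custom-fields" "$p/advanced-custom-fields-pro"
    printf '<?php\n/**\n * Plugin Name: Advanced Custom Fields\n * Version: 6.1.5\n */\n' \
        > "$p/advanced-custom-fields/acf.php"
    printf '<?php\n/**\n * Plugin Name: Advanced Custom Fields PRO\n * Version: 6.1.6\n */\n' \
        > "$p/advanced-custom-fields-pro/acf.php"
    echo "$root"
}

# Usage: sh check_acf.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then check_acf "$1"; fi
```

A line ending in `UPDATE` means that copy of the plugin is older than 6.1.6 and should be updated.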
Contact us for help with the upgrade
An upgrade can be quick and easy, but depending on the type of website you have, it can quickly become more complicated. You need to set aside time to, for example, take a backup of the website, perform the update, and then test that everything is working as it should. The upgrade needs to be carried out correctly in order not to lose valuable data and for the site to continue working correctly. This can be a bigger job than you first thought.
Awave has great expertise in WordPress and is happy to help you. We can also check if you have the Advanced Custom Fields plugin. Contact us for help with your upgrade!