{"id":9839,"date":"2015-07-23T06:26:39","date_gmt":"2015-07-23T11:26:39","guid":{"rendered":"https:\/\/wpengine.com\/?p=9839"},"modified":"2015-07-23T13:25:51","modified_gmt":"2015-07-23T18:25:51","slug":"were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3","status":"publish","type":"post","link":"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/","title":{"rendered":"We\u2019re Patching All WP Engine Customer Sites To WordPress 4.2.3"},"content":{"rendered":"<p>WordPress today released a critical security update to the current stable branch of WordPress to fix a cross-site scripting (XSS) vulnerability in how shortcodes are used in HTML attributes.<\/p>\n<p>As a WP Engine customer, you\u2019re covered. Our team is working to automatically patch and update all sites hosted with us to WordPress 4.2.3. You don\u2019t have to take any action to leverage this security update.<\/p>\n<p>Essentially, this security issue could enable specially crafted shortcodes to bypass <a href=\"http:\/\/ottopress.com\/2010\/wp-quickie-kses\/\">kses<\/a> protection by tricking it into thinking dangerous parts are part of valid HTML.<\/p>\n<p>This vulnerability may allow users without the unfiltered_html capability, but with publishing rights, to run JavaScript code on the front end of the website. This security update ensures all shortcodes inside attributes are evaluated and then run both through kses separately and escaped for use in attributes.<\/p>\n<p>Once your site is updated, almost all shortcodes should work as expected, with the possible exception of shortcodes used inside tags (between &lt; and &gt;), but outside attributes.<\/p>\n<p>More information regarding this security update is available in this <a href=\"https:\/\/wordpress.org\/news\/2015\/07\/wordpress-4-2-3\/\">blog post<\/a> on WordPress.org.<\/p>\n<p>Automatic security updates are just one of the many benefits you receive as a WP Engine customer. As always, thank you for trusting WP Engine with your WordPress sites and their security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress today released a critical security update to the current stable branch of WordPress to fix a cross-site scripting (XSS) vulnerability in how shortcodes are used in HTML attributes. As a WP Engine customer, you\u2019re covered. Our team is working to automatically patch and update all sites hosted with us to WordPress 4.2.3. You don\u2019t<span class=\"tile__ellipses\">&hellip;<\/span><span class=\"tile__ellipses--animated\"><\/span><\/p>\n","protected":false},"author":37,"featured_media":9841,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[372,85,408],"tags":[12,315,37,245],"class_list":["post-9839","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcement","category-security-2","category-wordpress-updates","tag-patches","tag-security-update","tag-wordpress-security","tag-wordpress-updates"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>We\u2019re Patching All WP Engine Customer Sites To WordPress 4.2.3 | WP Engine<\/title>\n<meta name=\"description\" content=\"There is a new WordPress security update, and we are patching all WP Engine customer sites to WordPress 4.2.3.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"We\u2019re Patching All WP Engine Customer Sites To WordPress 4.2.3 | WP Engine\" \/>\n<meta property=\"og:description\" content=\"There is a new WordPress security update, and we are patching all WP Engine customer sites to WordPress 4.2.3.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/\" \/>\n<meta property=\"og:site_name\" content=\"WP Engine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/wpengine\" \/>\n<meta property=\"article:published_time\" content=\"2015-07-23T11:26:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-07-23T18:25:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wpengine.com\/resources\/wp-content\/uploads\/2015\/07\/shutterstock_261212366.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"620\" \/>\n\t<meta property=\"og:image:height\" content=\"240\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dustin Meza\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dustinmeza\" \/>\n<meta name=\"twitter:site\" content=\"@wpengine\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dustin Meza\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/\",\"url\":\"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/\",\"name\":\"We\u2019re Patching All WP Engine Customer Sites To WordPress 4.2.3 | WP Engine\",\"isPartOf\":{\"@id\":\"https:\/\/wpengine.com\/resources\/#website\"},\"datePublished\":\"2015-07-23T11:26:39+00:00\",\"dateModified\":\"2015-07-23T18:25:51+00:00\",\"author\":{\"@id\":\"https:\/\/wpengine.com\/resources\/#\/schema\/person\/b0fad0bc1f84e257b9766dd6ad83090f\"},\"description\":\"There is a new WordPress security update, and we are patching all WP Engine customer sites to WordPress 4.2.3.\",\"breadcrumb\":{\"@id\":\"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wpengine.com\/resources\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"We\u2019re Patching All WP Engine Customer Sites To WordPress 4.2.3\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wpengine.com\/resources\/#website\",\"url\":\"https:\/\/wpengine.com\/resources\/\",\"name\":\"WP Engine\",\"description\":\"Managed Hosting for WordPress\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wpengine.com\/resources\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wpengine.com\/resources\/#\/schema\/person\/b0fad0bc1f84e257b9766dd6ad83090f\",\"name\":\"Dustin Meza\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/wpengine.com\/resources\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/31ab5fbff27b09e6eaecd8207bea0536fb527eb741f54c34ba2778eb332992ed?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/31ab5fbff27b09e6eaecd8207bea0536fb527eb741f54c34ba2778eb332992ed?s=96&d=mm&r=g\",\"caption\":\"Dustin Meza\"},\"description\":\"Dustin Meza works as the Senior Manager of Customer Experience Operations. His passion is seen everyday in making our Support teams and Customer Experience better. In his spare time he loves sports and enjoying the Austin Outdoor Life to it's fullest with his wife and dog, Maddy.\",\"sameAs\":[\"www.linkedin.com\/in\/dustinmeza\",\"https:\/\/twitter.com\/dustinmeza\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"We\u2019re Patching All WP Engine Customer Sites To WordPress 4.2.3 | WP Engine","description":"There is a new WordPress security update, and we are patching all WP Engine customer sites to WordPress 4.2.3.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"We\u2019re Patching All WP Engine Customer Sites To WordPress 4.2.3 | WP Engine","og_description":"There is a new WordPress security update, and we are patching all WP Engine customer sites to WordPress 4.2.3.","og_url":"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/","og_site_name":"WP Engine","article_publisher":"https:\/\/www.facebook.com\/wpengine","article_published_time":"2015-07-23T11:26:39+00:00","article_modified_time":"2015-07-23T18:25:51+00:00","og_image":[{"width":620,"height":240,"url":"https:\/\/wpengine.com\/resources\/wp-content\/uploads\/2015\/07\/shutterstock_261212366.jpg","type":"image\/jpeg"}],"author":"Dustin Meza","twitter_card":"summary_large_image","twitter_creator":"@dustinmeza","twitter_site":"@wpengine","twitter_misc":{"Written by":"Dustin Meza","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/","url":"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/","name":"We\u2019re Patching All WP Engine Customer Sites To WordPress 4.2.3 | WP Engine","isPartOf":{"@id":"https:\/\/wpengine.com\/resources\/#website"},"datePublished":"2015-07-23T11:26:39+00:00","dateModified":"2015-07-23T18:25:51+00:00","author":{"@id":"https:\/\/wpengine.com\/resources\/#\/schema\/person\/b0fad0bc1f84e257b9766dd6ad83090f"},"description":"There is a new WordPress security update, and we are patching all WP Engine customer sites to WordPress 4.2.3.","breadcrumb":{"@id":"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/wpengine.com\/resources\/were-patching-all-wp-engine-customer-sites-to-wordpress-4-2-3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wpengine.com\/resources\/"},{"@type":"ListItem","position":2,"name":"We\u2019re Patching All WP Engine Customer Sites To WordPress 4.2.3"}]},{"@type":"WebSite","@id":"https:\/\/wpengine.com\/resources\/#website","url":"https:\/\/wpengine.com\/resources\/","name":"WP Engine","description":"Managed Hosting for WordPress","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wpengine.com\/resources\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/wpengine.com\/resources\/#\/schema\/person\/b0fad0bc1f84e257b9766dd6ad83090f","name":"Dustin Meza","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wpengine.com\/resources\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/31ab5fbff27b09e6eaecd8207bea0536fb527eb741f54c34ba2778eb332992ed?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/31ab5fbff27b09e6eaecd8207bea0536fb527eb741f54c34ba2778eb332992ed?s=96&d=mm&r=g","caption":"Dustin Meza"},"description":"Dustin Meza works as the Senior Manager of Customer Experience Operations. His passion is seen everyday in making our Support teams and Customer Experience better. In his spare time he loves sports and enjoying the Austin Outdoor Life to it's fullest with his wife and dog, Maddy.","sameAs":["www.linkedin.com\/in\/dustinmeza","https:\/\/twitter.com\/dustinmeza"]}]}},"acf":[],"_links":{"self":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/posts\/9839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/users\/37"}],"replies":[{"embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/comments?post=9839"}],"version-history":[{"count":0,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/posts\/9839\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/media\/9841"}],"wp:attachment":[{"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/media?parent=9839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/categories?post=9839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpengine.com\/resources\/wp-json\/wp\/v2\/tags?post=9839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}