A Bug in WordPress Update Disables Auto-Update Functionality
MS-ISAC ADVISORY NUMBER:2018-019
A bug has been discovered in WordPress 4.9.3 that disables the auto-update functionality. WordPress is an open source content management system (CMS) for websites.
- Large and medium government entities: HIGH
- Small government entities: MEDIUM
- Large and medium business entities: HIGH
- Small business entities: MEDIUM
A bug has been discovered in WordPress 4.9.3 that disables the auto-update functionality. This bug was discovered after the release of WordPress 4.9.3.
Note: In order for WordPress to automatically receive future security updates, version 4.9.4 will need to be installed manually.
We recommend the following actions be taken:
- Apply appropriate updates provided by WordPress manually to affected systems, immediately after appropriate testing.
- Apply the Principle of Least Privilege to all systems and services.