{"id":11934,"date":"2014-11-20T13:34:47","date_gmt":"2014-11-20T21:34:47","guid":{"rendered":"http:\/\/37prime.wordpress.com\/?p=11934"},"modified":"2014-11-20T13:34:47","modified_gmt":"2014-11-20T21:34:47","slug":"wordpress-4-0-1","status":"publish","type":"post","link":"https:\/\/37prime.com\/news\/2014\/11\/20\/wordpress-4-0-1\/","title":{"rendered":"WordPress 4.0.1"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-14908\" src=\"http:\/\/37prime.com\/news\/wp-content\/uploads\/2014\/11\/Welcome-to-WordPress-4.0.1.png\" alt=\"Welcome to WordPress 4.0.1\" width=\"960\" height=\"540\" \/><\/p>\n<p><a href=\"https:\/\/wordpress.org\/news\/2014\/11\/wordpress-4-0-1\/\" target=\"_blank\">WordPress 4.0.1<\/a>\u00a0is out now.<\/p>\n<blockquote>\n<ul>\n<li>Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.<\/li>\n<li>A cross-site request forgery that could be used to trick a user into changing their password.<\/li>\n<li>An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.<\/li>\n<li>Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).<\/li>\n<li>An extremely unlikely hash collision could allow a user\u2019s account to be compromised, that also required that they haven\u2019t logged in since 2008 (I wish I were kidding). Reported by David Anderson.<\/li>\n<li>WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavkovi\u0107 of ManageWP.<\/li>\n<\/ul>\n<\/blockquote>\n<p>I would say that it is mandatory to update your WordPress installation, because of these important security fixes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress 4.0.1\u00a0is out now. Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team. A cross-site request forgery that could be used to trick a user into changing their password. An issue that could lead to &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/37prime.com\/news\/2014\/11\/20\/wordpress-4-0-1\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;WordPress 4.0.1&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4],"tags":[2648,936,3085,3238],"class_list":["post-11934","post","type-post","status-publish","format-standard","hentry","category-news","tag-security","tag-tech","tag-updates","tag-wordpress"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pcNtU-36u","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts\/11934","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/comments?post=11934"}],"version-history":[{"count":0,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts\/11934\/revisions"}],"wp:attachment":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/media?parent=11934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/categories?post=11934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/tags?post=11934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}