Search Engine: Elastic

Article ID: 125273, created on Apr 23, 2015, last review on Jul 14, 2018

  • Applies to:
  • Plesk Automation


WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. For details please check original post on Wordpress blog.


Update Wordpress installation to version 4.1.2 or later:

  1. If Wordpress is installed as an APS application, go to Wesites > domain_name > Open in control panel > Applications > Manage My Applications and click on "Update avaliable" button, see screenshot:

**Note:** New version availability is being checked by daily Maintenance Script in PPA. If you still does not see **"Update avaliable"** button please wait for Daily Maintenance script or run the following two commands from the Management Node:

    #/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateApsCache

    #/usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateApsApplications
  1. If Wordpress is installed not through APS application vault, but manually, follow Wordpress upgrade guide.

e0aff7830fa22f92062ee4db78133079 caea8340e2d186a540518d08602aa065

Email subscription for changes to this article
Save as PDF