Security vulnerabilities that might allow a hacker to break into a Word Press site and install malware on it so that its users become infected.
Updating a Word Press site is one of those tedious tasks that has to be done, but doesn’t usually confer any obvious benefit.
Sometimes you’ll get a new feature, but most of the time, you hit the update button, the site prints out a few lines of uninteresting verbiage, and nothing much happens except that the number on the update menu item disappears.
Some people like to update just because they get a sense of satisfaction from seeing that number disappear: the sort of people that get mildly stressed if their email inbox shows unread messages at the end of the day.
Most of us aren’t like that, and because updating Word Press brings no obvious benefit, it tends to be sidelined by more interesting tasks, like writing new content or playing Threes.
And, lets face it, Word Press asks to be updated with a frequency that is off-putting to even the most solicitous site maintainer.
So, I understand why many Word Press users don’t bother to keep their installation up-to-date.But I also understand the result of not updating can be catastrophic for businesses, publishers, and others that rely on Word Press.Word Press is a complicated piece of software made even more complicated by its ecosystem of thousands of plugins.As smart as humans, and especially developers, are, they aren’t so smart that they never screw up when building complicated things.Mistakes are made and those mistakes can create security vulnerabilities.Security vulnerabilities like this, and this, and this.