Have Shortcodes? Hold off WordPress 4.2.3

By Victor M. Font Jr.
July 24, 2015

WordPress automatic updates may be a convenient feature for some, but the recent 4.2.3 security release is being reported as having broken thousands of production sites. The sites reported as broken all have one thing in common: they use plugins or themes that create and use shortcodes in a non-standard way. One plugin that is mentioned regularly is Toolset Types and Views. One commenter on a WP Tavern article reports that he uses this plugin on 100 sites and all of them broke with the 4.2.3 WordPress release.

The Issue

WordPress 4.2.3 includes a relatively large security fix that affects the Shortcode API. WordPress core contributor Robert Chapin said in this blog post:

Due to the nature of the fix – as is often the case with security fixes – we were unable to alert plugin authors ahead of time, however we did make efforts to scan the plugin directory for plugins that may have been affected.

As unfortunate as it is that plugin developers weren't notified in advance, this is a security fix, and as such it shouldn't be on the WordPress team to fix the problems that are being reported. Specifically, it appears that the affected plugins use shortcodes to provide inline styles. The plugin authors should have followed the WordPress Shortcode API rules. Of course, if you decide to create your own programming rules, things are going to break when core functionality you depend upon is updated. So what can you do for the short term?

The Solution

Roll back to 4.2.2 and turn off auto-updates for now to fix the issue in the short term. Wait until your plugin's author issues a fix and then update WordPress manually to 4.2.3 or a later version. WordPress 4.3 is scheduled for release in August. Afterward, you can turn auto-updates back on, if you choose to use the feature.

To completely disable all types of automatic updates, core or otherwise, add the following to your wp-config.php file:

define( 'AUTOMATIC_UPDATER_DISABLED', true );

Download WordPress 4.2.2 from here: https://wordpress.org/download/release-archive/
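
To see which posts are likely to break before you move back to 4.2.3, the following added example (not code from this article, WordPress core, or any plugin) scans content for shortcodes written inside an HTML tag. It assumes the breaking pattern is a shortcode placed inside an attribute such as style; the function name and the sample posts are hypothetical.

```php
<?php
// Added example; not code from the article, WordPress core, or any plugin.
// Assumption: the "non-standard" pattern is a [shortcode] written inside an
// HTML tag, typically in a style attribute.

/** Return shortcode tokens found inside HTML opening tags of $content. */
function find_shortcodes_in_tags(string $content): array
{
    // Opening tag; ">" ends it only when outside a quoted attribute value.
    $tag_re = '/<([a-z][a-z0-9]*)((?:"[^"]*"|\'[^\']*\'|[^>"\'])*)>/i';
    // [name] or [name attrs...]; closing forms such as [/name] are skipped.
    $sc_re = '/\[[a-z_][-\w]*(?:\s[^\]]*)?\]/i';
    // Attribute names that open a quoted value (heuristic for reporting).
    $attr_re = '/([a-z_:][-\w:.]*)\s*=\s*["\']/i';

    $hits = [];
    preg_match_all($tag_re, $content, $tags, PREG_SET_ORDER);
    foreach ($tags as $tag) {
        preg_match_all($sc_re, $tag[2], $codes, PREG_OFFSET_CAPTURE);
        foreach ($codes[0] as [$code, $offset]) {
            // Nearest attribute opened before the shortcode starts.
            preg_match_all($attr_re, substr($tag[2], 0, $offset), $names);
            $attr = $names[1] ? strtolower(end($names[1])) : null;
            $hits[] = [
                'element'   => strtolower($tag[1]),
                'attr'      => $attr,
                'shortcode' => $code,
            ];
        }
    }
    return $hits;
}

// Constructed sample content keyed by post ID (not real site data).
$posts = [
    101 => '<div style="color: [brand_color];">Welcome</div>',
    102 => '<p>[gallery ids="1,2"]</p>',
    103 => "<a href='[site_url]/contact' class=\"btn\">Contact</a>",
];

foreach ($posts as $id => $content) {
    foreach (find_shortcodes_in_tags($content) as $hit) {
        printf("post %d: %s in <%s %s>\n", $id, $hit['shortcode'],
            $hit['element'], $hit['attr'] ?? '(no attribute)');
    }
}
```

Posts 101 and 103 are reported because their shortcodes sit inside a tag; post 102 uses its shortcode as ordinary content and is not flagged.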

About Victor M. Font Jr.

Victor M. Font Jr. is an award-winning author, entrepreneur, and Senior IT Executive. A Founding Board Member of the North Carolina Executive Roundtable, he has served on the Board of Advisors of the North Carolina Technology Association, the International Institute of Business Analysis, Association of Information Technology Professionals, Toastmasters International, and the North Carolina Commission for Mental Health, Developmental Disabilities, and Substance Abuse Services. He is author of several books including The Ultimate Guide to the SDLC and Winning With WordPress Basics, and Cybersecurity.
