Article ID: 117834, created on Oct 10, 2013, last review on Jun 17, 2016

  • Applies to:
  • Plesk


WordPress 3.6.0 and below is vulnerable to remote code execution attacks. Details are available in CVE-2013-4338.

WordPress 3.6.1 has been released to address this security issue. This article describes how to update your WordPress installation.

If WordPress has been installed from Application Catalog...

To update a single application on a specific subscription, go to subscription > "Applications" tab > "Manage My Applications" sub-section > "WordPress" and click "Update now" link in update notification section:

To view which domains have WordPress installed, go to "Tools & Settings" > "Application Vault" > "Installed Apps" tab and click older WordPress installations (e.g. WordPress (3.2.1-6)) which have one or more installations in "Number of installations":

To install update, click on "Updates are available" link under domain name:

You can also enable automatic updates for all apps following the instructions in Parallels Plesk Panel Administrator's Guide.

If WordPress has been installed manually...

Follow the instructions provided in documentation on WordPress website.

Search Words

update WordPress installation

remote code execution attack

WordPress 3.6.0 and below


wordpress template leak

a914db3fdc7a53ddcfd1b2db8f5a1b9c 56797cefb1efc9130f7c48a7d1db0f0c

Email subscription for changes to this article
Save as PDF