What we did about it
GenWeb.io has upgraded to the current stable version (we always do, usually within minutes of the release.) We have also addressed the so-called “ImageTragick” vulnerability in the ways currently suggested by the ImageMagick developers. But, just for your own peace of mind (and ours!), please ensure that your regional site does not allow users, forum posters, or commentors to upload photos. Also, please do not ‘upload’ images using urls as this is another vector for this exploit to be used. If you are using the PressThis tool to republish articles from the internet, this is another way to infect your site.
What the vulnerability was
The issue addressed by WordPress potentially allowed someone to run a script in a visitor’s browser when displaying/streaming certain kinds of media. Obviously could not directly affect your website, but it could get your site blacklisted as a source of malicious scripts even though it wasn’t really your site doing the harm to the visitor. This is completely fixed by the security update.
The issue with ImageMagick potentially allowed remote code execution (RCE) on the server. When images are used in WordPress they are processed in various ways using ImageMagick – to create thumbnails, or change a photo’s dimensions, or in other ways – and during that processing ImageMagick could be convinced to execute instructions on the server. This could in theory do almost anything the webserver has the ability to do, including severely harming your site or the webserver itself. This is not completely fixed by the security update from ImageMagick, and so the vulnerable portions of ImageMagick have been disabled. Most likely this will not affect your site, but be aware of possible issues if you use .svg or .mvg graphics. There are known attempts to use this exploit in the wild, but GenWeb.io sites should no longer be vulnerable.
What this means for you
Nothing, as far as we are aware. When a more-complete fix for ImageMagick is available we will re-enable the possibly vulnerable portions again. In the meantime, if you have any issues with any media on your site (especially media which do not resize correctly) please use the secure contact form to get in touch with us immediately.