Latest in Wordpress

Image credit:

Wordpress vulnerability leaves millions of sites open to attack

Share
Tweet
Share

Sponsored Links

If you've got a Wordpress site, pay attention: A recently discovered vulnerability within the blogging platform leaves your site open to attack, according to the security firm Sucuri. So far, it affects the TwentyFifteen theme (installed by default) and the JetPack plugin, which has over a million installations. At issue is the the "genericons" Wordpress package, something that both of those Wordpress add-ons use, which comes with an insecure file that leaves sites open to a cross-site scripting vulnerability. If a hacker can trick you into clicking a malicious link, they can get full control of your Wordpress site. Thankfully, the fix is pretty simple: Just remove the "example.html" file from any instance of genericons in your Wordpress installation. Sucuri has also warned several hosting providers about the vulnerability, including Godaddy, Dreamhost and WPEngine who've already patched against the issue.

[Photo credit: Armando Torrealba/Flickr]

In this article: Wordpress, XSS
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Windows XP source code leak sheds light on Microsoft's OS history

Windows XP source code leak sheds light on Microsoft's OS history

View
NASA wants ideas for keeping Moon missions powered in the dark

NASA wants ideas for keeping Moon missions powered in the dark

View
NASA delays its Titan drone mission by another year

NASA delays its Titan drone mission by another year

View
SpaceX scales back plans for Starship's first high-altitude flight

SpaceX scales back plans for Starship's first high-altitude flight

View
Apple Watch Series 3 owners deal with random reboots in watchOS 7

Apple Watch Series 3 owners deal with random reboots in watchOS 7

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr