Wordpress vulnerability leaves millions of sites open to attack

If you've got a Wordpress site, pay attention: A recently discovered vulnerability within the blogging platform leaves your site open to attack, according to the security firm Sucuri. So far, it affects the TwentyFifteen theme (installed by default) and the JetPack plugin, which has over a million installations. At issue is the "genericons" Wordpress package, which both of those Wordpress add-ons use and which ships with an insecure file that leaves sites open to a cross-site scripting vulnerability. If a hacker can trick you into clicking a malicious link, they can get full control of your Wordpress site. Thankfully, the fix is pretty simple: Just remove the "example.html" file from any instance of genericons in your Wordpress installation. Sucuri has also warned several hosting providers about the vulnerability, including Godaddy, Dreamhost and WPEngine, who've already patched against the issue.
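One way to apply that fix across a whole install, as an added example (not code from Sucuri or from the original article): it lists every "example.html" sitting in a "genericons" directory and deletes them only when asked. The variable names `WP_ROOT` and `APPLY` and the sample directory layout are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: find and remove genericons example.html files.

# List every example.html that sits directly inside a directory named
# "genericons", at any depth below the given root.
find_genericons_examples() {
    find "$1" -type f -path '*/genericons/example.html' -print
}

# Count matches; 0 means nothing is left to clean up.
count_genericons_examples() {
    find_genericons_examples "$1" | wc -l | tr -d '[:space:]'
}

# Delete the matches. Only the demo page goes; fonts and CSS are untouched.
remove_genericons_examples() {
    find "$1" -type f -path '*/genericons/example.html' -exec rm -f -- {} +
}

# Constructed sample tree (not a real install) so the script runs offline.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/sample-theme/genericons" \
             "$d/wp-content/plugins/sample-plugin/_inc/genericons" \
             "$d/wp-content/plugins/other/docs"
    : > "$d/wp-content/themes/sample-theme/genericons/example.html"
    : > "$d/wp-content/themes/sample-theme/genericons/genericons.css"
    : > "$d/wp-content/plugins/sample-plugin/_inc/genericons/example.html"
    : > "$d/wp-content/plugins/other/docs/example.html"   # unrelated, must survive
    echo "$d"
}

# Demo: WP_ROOT defaults to the constructed tree; set it to a real docroot to audit.
demo=
[ -n "${WP_ROOT:-}" ] || { demo=$(make_demo_tree); WP_ROOT=$demo; }
echo "before: $(count_genericons_examples "$WP_ROOT") file(s)"
find_genericons_examples "$WP_ROOT"
# Deletion is opt-in: run with APPLY=1 to actually remove the files.
if [ "${APPLY:-0}" = 1 ]; then
    remove_genericons_examples "$WP_ROOT"
    echo "after: $(count_genericons_examples "$WP_ROOT") file(s)"
fi
[ -z "$demo" ] || rm -rf "$demo"
```

Because theme and plugin updates can bring the file back, rerunning the listing step after each update confirms the count is still zero.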

[Photo credit: Armando Torrealba/Flickr]

Source: Sucuri
In this article: Wordpress, XSS