By Jonathan Trull
On November 20, WordPress announced a critical cross-site scripting vulnerability in the Internet’s most popular and widely used content management system. Initially discovered by Jouko Pynnonen with the Finnish IT company Klikki Oy, the vulnerability could allow anonymous users to compromise websites running versions of WordPress prior to 3.9.3.
This is an extremely serious vulnerability because it affects millions of websites across the Internet and could allow an anonymous user to gain complete administrative control of these websites and potentially the underlying operating system. According to WordPress statistics, about 86 percent of all WordPress sites were using a vulnerable version as of November 20, 2014. Exploited sites could then be used to attack other users, or, if the operating system is compromised, the machine could be used as part of a botnet. Reports indicate that this vulnerability is being actively exploited and that exploit code has been made available on the Internet for others to use and modify.