More Bad News for WordPress
The Register reports that a researcher for the security firm Sucuri has uncovered a cross-site scripting (XSS) attack that targets WordPress websites. The news comes on the heels of recent announcements regarding security issues for WordPress and other CMS systems. The attack targets the WordPress Twenty Fifteen theme (which is part of the default configuration), as well as the Jetpack plugin.
According to the report, the attack modifies the example.html file that comes with the Genericons package. Because the cross-site scripting occurs with the example file present on the client system, the entire attack takes place on the client – without leaving a footprint in the network history.
Users are advised to remove the Genericons package/example.html file or update to version 4.2.2, which should fix this vulnerability.
Related content
- More than 2000 WordPress Sites Infected by Malware
-
News for Admins
Electron app vulnerability, WordPress sites infected by malware, Torvalds calls Intel's patch garbage, AMT flaw in Intel chips allows attacker to create a backdoor, and first malware for Mac OS in 2018.
- Hackers Started Exploiting Drupal Bug
-
Distributed denial of service attacks from and against the cloud
In some particularly sophisticated DDoS attacks, the attackers rely on and target the cloud, allowing attackers to work around conventional defense mechanisms. We explain how a DDoS attack in the cloud works, and how you can defend against it. -
WordPress, Joomla, and Drupal compared
Open source content management systems have an abundance of extensions scattered across the web. We compare the features of three CMSs against various consumer requirements.