For owners of WordPress sites this week, there is an important security update released that fixes a vulnerability that could allow an attacker to take over the site completely. According to the developers of WordPress, it is a critical cross-site scripting vulnerability that allows anonymous users can compromise the website.
The leak, which was discovered by Belgian security researcher Cedric Bockhaven is present in WordPress 4.1.1 and older. In addition to these vulnerabilities are also fixed three other leaks. The impact of these leaks are less severe. The developers of WordPress report in the announcement of the update this week also for different plug-ins security updates are released."Keep everything up to date in order to stay safe," said Gary Pendergast WordPress.
Unpatched plugins and WordPress installations are in fact a major reason why attackers managed to hijack websites. As revealed in late March that thousands of WordPress websites were hacked through a leak in a popular plug-in which has long been an update is available. The hacked sites were then used to spread malware. Because of the severity of the vulnerability patched now also has the US government Readiness Team (US-CERT) issued a warning issued and advises administrators to WordPress 4.1.2 upgrade.
No comments:
Post a Comment