Administrators of WordPress sites are warned again for a critical vulnerability in the popular content management system (CMS) allowing attackers vulnerable websites and blogs can take over completely.Like the critical vulnerability of last week , it is a cross-site scripting issue could allow an attacker JavaScript can put in comments.
As a logged-in administrator to see this code gets the attacker can execute arbitrary code on the server and thus compromise the website. It is also possible to change the administrator password, create new administrative accounts or perform other actions that normally only reserved to the administrator. The problem was Sunday a Finnish security researcher Jouko pynnönen revealed.
WordPress responded to the zero day flaw with an emergency patch is available for download since yesterday. Because of the severity of the vulnerability provides administrators advised as soon as possible to version 4.2.1 upgrade. When websites that the automatic update feature of WordPress have enabled the roll-out has already started. Security firm Sucuri has an analysis of the vulnerability put online.
No comments:
Post a Comment