WordPress vulnerability makes it easy to hijack millions of websites The WordPress content management system is vulnerable to two newly discovered threats. Both vulnerabilities are known as stored, or persistent, cross-site scripting (XSS) bugs. The bugs allow an attacker to inject code into the HTML content received by administrators. The attackers can embed malicious code… Read more »
WordPress have released a critical security update for all previous versions of WordPress. WordPress have now made version 4.1.2 available.The WordPress security team discovered that versions 4.1.1 and earlier have a critical cross-site scripting vulnerability. This could enable anonymous users to compromise a site. Along with this particular vulnerability, the WordPress team also fixed the… Read more »
A vulnerability recently discovered in WP-Super-Cache could put millions of websites at risk. The WordPress plugin, WP-Super-Cache, generates static HTML files from dynamic WordPress blogs. The vulnerability allows attackers to insert malicious code into WordPress pages that use the extension. Security firm Sucuri commented: Using this vulnerability, an attacker using a carefully crafted query could… Read more »