1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Attackers exploit vulnerabilities in two WordPress plugins

Discussion in 'Network World' started by RSS, May 7, 2015.

  1. RSS

    RSS New Member Member

    A vulnerability within two widely used WordPress plugins is already being exploited by hackers, putting millions of WordPress sites at risk, according to a computer security firm.

    The plugins are JetPack, a customization and performance tool, and Twenty Fifteen, used for infinite scrolling, wrote David Dede, a malware researcher with Sucuri. WordPress installs Twenty Fifteen by default, which increases the number of vulnerable sites.

    Both plugins use a package called genericons, which contains vector icons embedded in a font. In the package, there is an insecure file called “example.html” which makes the package vulnerable, Dede wrote.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page