
WordPress fixes actively exploited flaw

Discussion in 'Network World' started by RSS, May 7, 2015.

  1. RSS


    A new WordPress version released Thursday fixes two critical cross-site scripting (XSS) vulnerabilities that could allow attackers to compromise websites.

    One of the flaws is located in the Genericons icon font package that is used by several popular themes and plug-ins, including the default TwentyFifteen WordPress theme.

    Researchers from Web security firm Sucuri warned Wednesday that they’ve already seen attacks targeting this XSS vulnerability.

    To exploit it, attackers need to trick users into clicking on specifically crafted links, but once they do that, they can leverage the flaw to steal authentication cookies. If the victim is a website’s administrator, they could gain full control over that website.
