WordPress XSS flaw leaves millions of users vulnerable to hackers, again


May 8, 2015

Via: itCurated

WORDPRESS HAS YET AGAIN left millions of its sites vulnerable after a scripting bug was found in two popular plugins.

The two culprits are Jetpack, a customisation and performance tool with one million active installations, and Twenty Fifteen, a theme designed to enable infinite scrolling that is installed into new WordPress sites as a default.

A Document Object Model (DOM)-based cross-site scripting (XSS) flaw has made the plugins vulnerable to hackers, and could affect millions of WordPress users.

The attack payload executes because the attacker modifies the DOM environment in the victim’s browser that the original client-side script relies on, so that the client-side code runs in an unexpected way.
