WORDPRESS HAS YET AGAIN left millions of its sites vulnerable after a scripting bug was found in two popular plugins.
The two culprits are Jetpack, a customisation and performance tool with one million active installations, and Twenty Fifteen, a theme designed to enable infinite scrolling that is installed into new WordPress sites as a default.
A Document Object Model (DOM)-based cross-site scripting (XSS) flaw has made the plugins vulnerable to hackers, and could affect millions of WordPress users.
The attack payload is executed as a result of modifying the DOM environment in a victim’s browser used by the original client-side script, so that the client-side code runs in an unexpected way.
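To make that mechanism concrete for anyone auditing theme or plugin scripts, here is an added example (not code from the article, WordPress, or either component) of a line-based heuristic that flags client-side code passing attacker-influenced DOM values into HTML-parsing or script-executing APIs. The function name, regex lists and sample script are assumptions made for illustration.

```javascript
// Added example: heuristic audit for DOM-based XSS source-to-sink flows.
// DOM properties an attacker can influence through a crafted link or referrer.
const SOURCES = /\b(?:location\.(?:hash|search|href)|document\.(?:URL|documentURI|referrer)|window\.name)\b/;
// APIs that parse a string as HTML or run it as script (.html( is jQuery's).
const SINKS = /\.(?:innerHTML|outerHTML)\s*=(?!=)|\bdocument\.write(?:ln)?\s*\(|\.insertAdjacentHTML\s*\(|\beval\s*\(|\.html\s*\(/;
// Simple "name = expression" assignment, used to follow taint through variables.
const ASSIGN = /^\s*(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$/;

function findDomXssFlows(script) {
  const tainted = new Set();
  const findings = [];
  // True when `name` appears in `text` as a whole identifier, not a property.
  const mentions = (text, name) =>
    new RegExp('(?<![\\w$.])' + name.replace(/\$/g, '\\$&') + '(?![\\w$])').test(text);
  const carriesTaint = (text) =>
    SOURCES.test(text) || [...tainted].some((name) => mentions(text, name));

  script.split('\n').forEach((line, index) => {
    const assignment = ASSIGN.exec(line);
    if (assignment) {
      const [, name, expression] = assignment;
      if (carriesTaint(expression)) tainted.add(name);
      else tainted.delete(name); // reassigned from a clean value
    }
    if (SINKS.test(line) && carriesTaint(line)) {
      findings.push({ line: index + 1, code: line.trim() });
    }
  });
  return findings;
}

// Constructed sample input, not taken from either WordPress component.
const SAMPLE_SCRIPT = [
  "var frag = location.hash.slice(1);",
  "var label = decodeURIComponent(frag);",
  "document.getElementById('out').innerHTML = label;",    // flagged: tainted value parsed as HTML
  "document.getElementById('safe').textContent = label;", // not flagged: inserted as text
  "var fixed = 'Hello';",
  "document.write(fixed);",                               // not flagged: constant input
  "document.write(document.referrer);",                   // flagged: source used directly
].join('\n');

console.log(findDomXssFlows(SAMPLE_SCRIPT));
```

The scan is a triage aid: it follows taint only through single-line assignments, so a clean result does not prove a script is safe, and each finding is resolved by switching to a text-only API such as `textContent` or by encoding the value before it reaches the sink.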