The popular CMS is being increasingly targeted by exploiters
WordPress is by far the most popular content management system (CMS), powering almost a quarter of the whole web. It’s no surprise therefore that it comes under constant scrutiny from hackers and criminals eager to exploit its growing popularity.
SaaS (Security-as-a-Service) provider Zscaler reported that a number of WordPress-based websites have been compromised with users trying to login to them being served malicious code as part of the login page. Once captured, that data is then sent, in an encrypted format, to the hacker.
Keeping your WordPress website up to date is very often just a matter of allowing the CMS to auto update to the latest version, which is currently 4.2.2.
The latter also solves a flaw that affected the Genericons WordPress package, a vulnerability that uses DOM-based cross-site scripting. What makes it a high-profile flaw is that it potentially affects millions of websites worldwide.
According to David Dede, who was part of the Sucuri team that found the flaw: “The main issue here is the Genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.”
WordPress 4.2.2 solves that weakness as well as another DOM-based vulnerability and more than a dozen other less important bugs.
Source: Techradar
Recommended For You:
- 5 Easy Steps To Activate Gotv For The First Time in Nigeria
- Steps You Can Take Now to Find a University Scholarship
- How to Find Study Abroad Scholarships As An International Student
- How To Reset Gotv Decoder After Payment in Nigeria
- 10 Universities Offering Full Scholarships to Undergraduate…
- How to Find Financial Aid For International Students in America