Need Computer Services? We Can Help! Call: (317) 585-0500

WordPress Flaw Leaves Sites Open to Attack


WordPress scrambles to release security fix for vulnerability


WordPress issued an emergency fix to the major 4.2 version of its widely-used blogging software released just last week. The hurriedly launched version 4.2.1 was in response to a zero-day flaw that put tens of millions of WordPress sites at risk.

Jouko Pynnonen, a researcher with a Finnish IT company, discovered that by using malicious JavaScript, a would-be hacker could attack a targeted site. The vulnerability could potentially impact all sites running version 4.2 or earlier of the WordPress platform.

According to Pynnonen, the issue lies with how WordPress handles input into the comments section of a blog post. The flaw enables hackers to run JavaScript stored in the comments section that could then allow the hacker to assume administrator privileges.

Pynnonen first blogged about this vulnerability on April 26th, just three days after the release of version 4.2. He described the defect as a stored cross-site scripting (XSS) vulnerability.

To use this flaw, a hacker simply needs to post some basic JavaScript code in the comments field and include enough text to exceed 64K of data. Once the comment is processed by the site administrator, the code will be executed.

“If triggered by a logged-in administrator, under default settings, the attacker can leverage the vulnerability to execute arbitrary code on the server via a plugin and theme editors,” said Pynnonen in a recent blog post.

In a statement released Wednesday, WordPress stated, “This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.”
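For site owners who want to triage before and after updating, here is an added example (not code from WordPress or from Pynnonen) that flags installs on 4.2 or earlier and exported comments that exceed 64K or carry script-like markup. Reading "64K" as 64 * 1024 bytes, the regex hints, the function names and the sample comments are all assumptions constructed for illustration.

```python
import re

# Assumption: the article's "64K" is read as 64 * 1024 bytes of UTF-8 text.
SIZE_LIMIT = 64 * 1024
FIXED_VERSION = (4, 2, 1)  # the emergency release named in the article

# Heuristic hints for markup a reader comment should not contain (assumed set).
SCRIPT_HINTS = re.compile(r"<\s*script|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def parse_version(text):
    """Turn a dotted numeric version such as '4.2' into a comparable tuple."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def needs_update(version):
    """True for 4.2 and earlier, the releases the article says are affected."""
    return parse_version(version) < FIXED_VERSION


def audit_comments(comments):
    """Return (id, reasons) for comments that are oversized or script-like."""
    findings = []
    for comment_id, body in comments:
        reasons = []
        if len(body.encode("utf-8")) > SIZE_LIMIT:
            reasons.append("oversized")
        if SCRIPT_HINTS.search(body):
            reasons.append("script-like markup")
        if reasons:
            findings.append((comment_id, reasons))
    return findings


# Constructed sample comments; PLACEHOLDER stands in for any script body.
SAMPLE = [
    (1, "Great post, thanks!"),
    (2, "x" * (SIZE_LIMIT + 1)),
    (3, '<a title="hi" onmouseover="PLACEHOLDER">link</a>'),
    (4, "<script>PLACEHOLDER</script>" + "A" * SIZE_LIMIT),
]

if __name__ == "__main__":
    print("4.2 needs update:", needs_update("4.2"))
    for comment_id, reasons in audit_comments(SAMPLE):
        print(comment_id, ", ".join(reasons))
```

Flagged comments are candidates for manual review in the moderation queue, not proof of an attack; the update to 4.2.1 remains the fix.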

Have questions about your website security?  Contact us immediately at (317) 585-0500 or drop us an email at info@pchservices.com.


Connect With Your Computer Support Team

  • 2810 E 116th St Ste 160 Carmel, IN 46033
  • Weekdays 8AM-5PM
    Saturday 10AM-2PM
    Sunday Closed
  • 317.585.0500