Millions of WordPress Websites Affected By Plugin Vulnerability

djbaxter

Administrator
Administrator
Joined
Jun 28, 2012
Messages
2,780
Millions of WordPress Websites Affected By Plugin Vulnerability
by Matt Southern, Search Engine Journal
May 6, 2015

Web security firm Sucuri has reported on the discovery of a WordPress plugin vulnerability affecting any site that uses the genericons package.

At this time, the JetPack plugin (installed on over 1 million sites) and the TwentyFifteen theme (installed by default) have been identified as vulnerable. Apparently, any plugin is potentially vulnerable if it includes the example.html file that comes with the genericons package.

That being said, the simple fix to protect yourself from this vulnerability is to remove the example.html file from the genericons package, which is unnecessary to begin with.
Read more...
 

djbaxter

Administrator
Administrator
Joined
Jun 28, 2012
Messages
2,780
Note:

Even if you're not using the TwentyFifteen theme, the security risk of an unpatched version may still be present. The theme is installed by default and an update is already available.

As a general rule, it is best practice to delete any WordPress themes and plugins you're not using to avoid unnecessary security vulnerability issues.
 

Weekly Digest

Weekly Digest
Subscribe/Unsubscribe

Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...

Local Search Forum


Google Product Exert

@LocalSearchLink

Join Our Facebook Group

Top