Basket £ 0.00 (0 items)
You are here: HomeArticle › WordPress plug-in flaw puts over 1 million websites at risk

WordPress plug-in flaw puts over 1 million websites at risk

From Computerworld.com

"Owners of WordPress-based websites should update the Jetpack plug-in as soon as possible because of a serious flaw that could expose their users to attacks.

Jetpack is a popular plug-in that offers free website optimisation, management and security features. It was developed by Automattic, the company behind WordPress.com and the WordPress open source project, and has over 1 million active installations.

Researchers from web security firm Sucuri have found a stored cross-site scripting (XSS) vulnerability that affects all Jetpack releases since 2012, starting with version 2.0.

The issue is located in the Shortcode Embeds Jetpack module which allows users to embed external videos, images, documents, tweets and other resources into their content. It can be easily exploited to inject malicious JavaScript code into comments.”

Read more at Computerworld.com


NCC Weekly News Update 31 May 2016 

 

Contact

For more information about The National Computing Centre and our services, please contact us at the details below:

Email: info@ncc.co.uk
Telephone: +44 (0)870 908 8767
Fax: +44 (0)870 134 0931

Click here for more contact information


TwitterFollow us on Twitter
Linked InJoin our LinkedIn Group
FBLike us on Facebook

 

Management Guidelines

NCC Guidelines Vol 5 No 1

more in Management Guidelines

 

Professional Development

Cloud Computing

more in Professional Development

 

Analyst Digest

September 2016 Bulletin published

more in Analyst Digest