WordPress rolled out a new version of its content management system this morning that addresses a nasty cross-site scripting (XSS) vulnerability that could ultimately lead to site compromise.
Tag Archives: XSS
LifeLock Patches XSS That Could’ve Led to Phishing
Researchers identified a cross-site scripting vulnerability in a page on the LifeLock website that could allow an attacker to create an authentic-looking login page for the service and harvest usernames and passwords from customers. LifeLock patched the vulnerability quickly after researchers Blake Welsh and Eric Taylor from Cinder Cyber Research reported it. Welsh said via […]
Trio of Vulnerabilities Patched in Magento Web App
A trio of vulnerabilities were recently patched in eBay’s Magento e-commerce web application that could have let attackers carry out a handful of exploits.
Popular WordPress SEO Plugin Fixes XSS Bug
The Yoast WordPress SEO plugin, which has been downloaded more than 14 million times, has a serious cross-site scripting vulnerability that can allow an attacker to force a vulnerable site to execute arbitrary HTML code. The bug may have been reported to the plugin’s developer as long as two years ago, but it was still […]
WordPress: Compromised Sites Leaking User Credentials
Only recently there were several reports of WordPress plugins and themes with vulnerabilities: last week’s XSS vulnerability, multiple ones in the eCommerce shopping cart plugin TheCartPress, and a zero-day exploit in WordPress 4.2.1.
This week it seems like there is yet another one. According to researchers at Zscaler there are a couple of compromised WordPress pages out there that are all leaking credentials. “The compromised sites run backdoor code, which activates when the user submits login credentials. The credentials are encoded and sent to an attacker website in the form of a GET request. Till now, we have identified only one domain “conyouse.com” which is collecting all the credentials from these compromised sites”, the page reads.
They conclude that WordPress, as one of the most popular Content Management Systems and blogging platforms, remains an attractive target for cybercriminals – especially due to the huge user base. Administrators should always keep their WordPress installations (including addons and themes) updated and patch as soon as there are security updates available.
If you want to find out more about the dangers you could face as a blog administrator and get some advice which might help you to protect your page, take a look at Ange Albertini’s blog article concerning the topic.
The post WordPress: Compromised Sites Leaking User Credentials appeared first on Avira Blog.
A Year Later, XSS Vulnerability Still Exists in eBay
A potentially dangerous XSS vulnerability has existed in eBay for more than a year and it doesn’t appear the company is in a rush to fix the issue.
WordPress Patches Zero-Day Vulnerability
WordPress quickly turned around a patch for a stored cross-site scripting zero-day vulnerability in the CMS’ core engine.
Details on WordPress Zero Day Disclosed
A Finnish researcher has disclosed details on an unpatched stored cross-site scripting vulnerability in the WordPress core engine.
SearchBlox Fixes XSS, File Upload Flaws
SearchBlox, a provider of enterprise search technology, has patched several serious vulnerabilities in its flagship product, including cross-site scripting, cross-site request forgery and other issues. The company, which sells a variety of enterprise search products, has released version 8.2 of the main SearchBlox product to address the vulnerabilities, which were reported to the CERT/CC at […]
Persistent XSS Vulnerability Plagues WordPress Plugin
A persistent cross-site scripting (XSS) vulnerability exists in some versions of a popular WordPress caching engine plugin.