banner

Attackers exploit vulnerabilities in two WordPress plugins

Written by Cio
wordpress_vuln
  • Cio
  • 2 years ago

wordpress_vuln

A vulnerability within two widely used WordPress plugins is already being exploited by hackers, putting millions of WordPress sites at risk, according to a computer security firm.

The plugins are JetPack, a customization and performance tool, and Twenty Fifteen, used for infinite scrolling, wrote David Dede, a malware researcher with Sucuri. WordPress installs Twenty Fifteen by default, which increases the number of vulnerable sites.

Both plugins use a package called genericons, which contains vector icons embedded in a font. In the package, there is an insecure file called “example.html” which makes the package vulnerable, Dede wrote.

Read More

0 0
Article Categories:
Attacks & Breaches

Leave a Comment

Your email address will not be published. Required fields are marked *