More Bad News for WordPress


Potential cross-site scripting attack doesn’t even need to cross sites.

The Register reports that a researcher for the security firm Sucuri has uncovered a cross-site scripting (XSS) attack that targets WordPress websites. The news comes on the heels of recent announcements regarding security issues for WordPress and other CMS systems. The attack targets the WordPress Twenty Fifteen theme (which is part of the default configuration), as well as the Jetpack plugin.

According to the report, the attack modifies the example.html file that comes with the Genericons package. Because the cross-site scripting occurs with the example file present on the client system, the entire attack takes place on the client – without leaving a footprint in the network history.

Users are advised to remove the Genericons package/example.html file or update to version 4.2.2, which should fix this vulnerability.
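A check for the removal step above, as an added example that is not part of the original report: it lists, and on request deletes, every example.html that sits in a directory named genericons under a WordPress root. The directory name and the command-line form are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find and remove the Genericons example.html in a WordPress tree.
# Assumption: the package sits in a directory named "genericons" (themes or plugins).

# Print each example.html whose parent directory is named genericons.
find_genericons_examples() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -type f -path '*/genericons/example.html' -print
}

# Number of matching files under the given root.
count_genericons_examples() {
    find_genericons_examples "$1" | wc -l | tr -d ' '
}

# Delete the matches, then confirm none remain (non-zero exit if any survive).
remove_genericons_examples() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -type f -path '*/genericons/example.html' -exec rm -f -- {} +
    [ "$(count_genericons_examples "$1")" -eq 0 ]
}

# Usage: script.sh WP_ROOT [--remove]   (lists only unless --remove is given)
if [ "$#" -ge 1 ]; then
    find_genericons_examples "$1" || exit $?
    if [ "${2:-}" = "--remove" ]; then
        remove_genericons_examples "$1" || { echo "some files could not be removed" >&2; exit 1; }
        echo "removed; 0 remaining"
    fi
fi
```

Other files named example.html and the rest of the Genericons package (fonts, stylesheet) are left in place; only the example page is matched.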
