
WordPress Discovers Critical Vulnerability; Urges End Users to Install Update

WordPress, the widely used open-source blogging package, has released a critical update, version 3.0.4, which it is urging every user to install immediately. Downloadsquad.switched.com reported this on December 30, 2010.

Available through the admin dashboard of recent installations, the new version reportedly patches persistent XSS (cross-site scripting) vulnerabilities in KSES, the HTML sanitization library.

Importantly, an ordinary XSS attack uses its malicious code immediately, whereas a persistent XSS attack is more perilous because the exploit is stored on the server hosting the site. While it remains there, the rendered web pages display it permanently.

Moreover, in an ordinary XSS attack, the attacker must entice victims into visiting a hijacked site, whereas in a persistent XSS attack, the attacker simply waits and strikes only when users log onto any given domain.

Meanwhile, a post on Sophos' Naked Security blog states that the security flaw is abused with a case-sensitive exploit, implying that anybody can access an unprotected WordPress site merely by changing some letters to capitals. Downloadsquad.switched.com published this.
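The class of flaw described above, as an added example that is not WordPress or KSES code: a simplified attribute filter whose allowlist checks compare names case-sensitively, next to a version that normalizes case first. The article does not say which comparison in KSES was case-sensitive; the attribute list, scheme list and function names here are assumptions made for illustration, and the sample inputs are constructed.

```python
import re

# Constructed policy for this example; not WordPress's actual lists.
URI_ATTRS = {"href", "src"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
ATTR_RE = re.compile(r'([A-Za-z][\w-]*)\s*=\s*"([^"]*)"')


def _scheme_ok(value, normalize):
    # Browsers treat URL schemes case-insensitively and ignore leading
    # whitespace/control characters, so the hardened check strips them
    # (conservatively, everywhere in the value) before looking at the scheme.
    candidate = re.sub(r"[\x00-\x20]+", "", value) if normalize else value
    m = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", candidate)
    if not m:
        return True  # relative URL: no scheme to check
    scheme = m.group(1).lower() if normalize else m.group(1)
    return scheme in ALLOWED_SCHEMES


def filter_attrs(attr_string, normalize):
    """Return the (name, value) pairs that survive filtering."""
    kept = []
    for name, value in ATTR_RE.findall(attr_string):
        key = name.lower() if normalize else name
        # Only attributes recognised as URI-bearing get the scheme check.
        if key in URI_ATTRS and not _scheme_ok(value, normalize):
            continue  # drop a URI attribute with a disallowed scheme
        kept.append((key, value))
    return kept


def weak_filter(attr_string):
    # Case-sensitive: "HREF" is not recognised as a URI attribute,
    # so its value is never checked.
    return filter_attrs(attr_string, normalize=False)


def hardened_filter(attr_string):
    # Lower-cases attribute names and schemes before every comparison.
    return filter_attrs(attr_string, normalize=True)


if __name__ == "__main__":
    for sample in ('href="https://example.org/" title="ok"',
                   'href="javascript:void(0)"',
                   'HREF="javascript:void(0)"'):
        print(sample, "| weak:", weak_filter(sample),
              "| hardened:", hardened_filter(sample))
```

Because the content is stored and re-served to every visitor, a single value that slips past a filter like `weak_filter` persists until it is removed, which is why the normalization has to happen before the comparison rather than at display time.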

Speaking of the vulnerability, Sophos says it is pretty easy to exploit. Users should therefore take a few minutes to install the update. Further, as the security patch is the sole change in WordPress' latest version, users needn't worry about any themes or plug-ins breaking.

Remarking on the patch, WordPress chief Matt Mullenweg stated that he understood a security update was no fun during the holidays, yet this one deserved to be installed because the vulnerability had extensive consequences. Thinq.co.uk published this on December 30, 2010.

Furthermore, according to Mullenweg, anyone who knew about the problem might as well review the changes. He said that he and other WordPress experts had thought about the problem at length and examined it thoroughly; however, because it was so fundamental, they wanted as many people as possible doing the same. Thetechherald.com reported this on December 30, 2010.

Ultimately, with this latest security update, WordPress has released two of them during December 2010, the first being a compulsory update issued when a similar type of XSS vulnerability was discovered.


» SPAMfighter News - 1/11/2011
