If you’ve got a WordPress site, pay attention: A recently discovered vulnerability within the blogging platform leaves your site open to attack, according to the security firm Sucuri. So far, it affects the TwentyFifteen theme (installed by default) and the Jetpack plugin, which has over a million installations. At issue is the “genericons” WordPress package, which both of those WordPress add-ons use and which ships with an insecure file that exposes sites to a cross-site scripting vulnerability. If a hacker can trick you into clicking a malicious link, they can get full control of your WordPress site. Thankfully, the fix is pretty simple: Just remove the “example.html” file from any instance of genericons in your WordPress installation. Sucuri has also warned several hosting providers about the vulnerability, including GoDaddy, DreamHost and WPEngine, who’ve already patched against the issue.
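The cleanup described above, scripted as an added example (not code from Sucuri or the original article): it lists every `example.html` that sits directly inside a directory named `genericons` under a WordPress root, and can delete them. The function names and the sample directory tree are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: find and remove genericons/example.html under a WordPress root.
# Requires a find(1) that supports -ipath (GNU and BSD find both do).

# List every example.html located directly inside a directory named
# "genericons" (any letter case) below the given root, one path per line.
find_genericons_examples() {
    find "$1" -type f -ipath '*/genericons/example.html' | sort
}

# Delete the files listed above. Prints each removed path and returns
# non-zero if any removal fails. Other example.html files are left alone.
remove_genericons_examples() {
    rc=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if rm -f -- "$f"; then echo "removed: $f"; else rc=1; fi
    done <<EOF
$(find_genericons_examples "$1")
EOF
    return $rc
}

# Build a constructed WordPress-like tree for a dry run. The theme and plugin
# names are invented; only the genericons/example.html tail matters.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/themes/sample-theme/genericons" \
             "$t/wp-content/plugins/sample-plugin/assets/Genericons" \
             "$t/wp-content/themes/sample-theme/docs"
    echo demo > "$t/wp-content/themes/sample-theme/genericons/example.html"
    echo demo > "$t/wp-content/plugins/sample-plugin/assets/Genericons/example.html"
    echo keep > "$t/wp-content/themes/sample-theme/docs/example.html"
    echo keep > "$t/wp-content/themes/sample-theme/genericons/genericons.css"
    echo "$t"
}

# Usage on a real site (path is an assumption; substitute your own root):
#   find_genericons_examples /var/www/html      # review the list first
#   remove_genericons_examples /var/www/html    # then delete
```

Run the listing function first and review its output before deleting; theme or plugin updates that still bundle the file will put it back, so it is worth re-running after upgrades.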
Article source: http://www.engadget.com/2015/05/07/wordpress-xss-bug/