[ALUG] Critical bug in Wordpress - Again.

Andreas Tauscher ta at geuka.net
Fri May 8 19:48:23 EAT 2015


After the update to 4.2.1 last week to fix a critical XSS bug, WordPress
exploded again.
It is again XSS: https://wordpress.org/news/2015/05/wordpress-4-2-2/
And again the attacker can hijack accounts.

This time in the genericons package.
The JetPack plugin and the default theme TwentyFifteen, for example, use
this package.
The bug is in the file genericons/example.html.
So keep on updating. The current version is now 4.2.2.
Or at least remove the file genericons/example.html.

Since the plugin infrastructure of WordPress is simply horrible, you
might find this file several times.

Andreas
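
An added example, not part of the original post: a small shell script that lists every bundled copy of genericons/example.html under a web root and deletes them only when called with --delete. The sample directory layout built by make_sample_tree and all function names are constructed for illustration.

```shell
#!/bin/sh
# Locate (and optionally delete) every bundled copy of
# genericons/example.html below a WordPress install.

# Print each regular file whose path ends in genericons/example.html.
list_genericons_examples() {
    find "$1" -type f -path '*/genericons/example.html' -print
}

# Print the number of copies found below the given root.
count_genericons_examples() {
    list_genericons_examples "$1" | wc -l | tr -d ' '
}

# Delete every copy and print each path that was removed.
remove_genericons_examples() {
    find "$1" -type f -path '*/genericons/example.html' \
        -print -exec rm -f -- {} \;
}

# Build a constructed sample tree (hypothetical layout, not from the post):
# two bundled copies plus an unrelated example.html that must survive.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    for d in themes/twentyfifteen/genericons \
             plugins/jetpack/genericons \
             plugins/other-plugin/assets; do
        mkdir -p "$root/wp-content/$d"
        echo '<html>sample</html>' > "$root/wp-content/$d/example.html"
    done
    echo "$root"
}

# Usage: script.sh /var/www/site            (dry run, list only)
#        script.sh --delete /var/www/site   (remove the copies)
if [ "$#" -gt 0 ]; then
    if [ "$1" = "--delete" ]; then
        remove_genericons_examples "${2:?web root required}"
    else
        list_genericons_examples "$1"
    fi
fi
```

Run it without --delete first and review the list, since themes and plugins each ship their own copy and reinstalling or updating one can bring the file back.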
