WordPress has fixed a cross-site scripting (XSS) flaw in its blogging software.
Version 2.6.5 also addresses three unrelated performance and stability bugs with the open source package. The XSS fixed by the latest version of the software is limited to particular setups involving IP-based virtual servers running on Apache 2.x.
In those setups it might be possible for hackers to rig systems so that they serve up malicious Java Script from domains under their control, as explained in an advisory by WordPress here.
WordPress has jumped from version 2.6.3 to 2.6.5 of the software in order to avoid confusion with 2.6.4, a fake version recently offered up by black hats via a bogus site. Sysadmins were directed to download the backdoor-rigged code earlier this month by hackers exploiting vulnerabilities in the blogging package. ®
Similar topics
Narrower topics
- Authentication
- Black Hat
- Common Vulnerability Scoring System
- Cybercrime
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- DDoS
- Digital certificate
- Encryption
- Exploit
- Firewall
- Hacker
- Hacking
- Identity Theft
- Infosec
- Kenna Security
- NCSC
- Palo Alto Networks
- Password
- Phishing
- Ransomware
- REvil
- Spamming
- Spyware
- Surveillance
- TLS
- Trojan
- Trusted Platform Module
- Wannacry
- Y2K
- Zero Day Initiative
- Zero trust