WiredTree, a managed server hosting provider, has warned WordPress users of the 'All in One SEO pack' plugin to update to the latest version as soon as possible. According to WiredTree, a flaw in versions prior to 2.3.7 could leave vulnerable sites open to a cross-site scripting attack that would allow a malicious third party to take control.
The vulnerability, reported by Wordfence on July 12, was quickly fixed by the plugin developer, but WiredTree believes many sites may still be vulnerable. The hosting provider, which hosts thousands of WordPress websites, wants to raise awareness to reduce the risk of innocent site owners losing control of their websites.
"Cross-site scripting vulnerabilities occur because it is difficult to clean up all the potential routes through which an attacker can inject code," said Zac Cogswell, President of WiredTree. "Once this vulnerability was discovered, developers fixed the problem and made a patch available. We want to ensure that every owner of a WordPress website is aware of the problem and takes the necessary steps to protect their site and their users."
Cross-site scripting vulnerabilities are among the most common security problems for sites that accept user-generated content. In this case, the problem lies in the functionality provided to block access by known bad bots. When the feature blocks a malicious bot, it displays the HTTP request sent by the bot in the dashboard of the WordPress site. Because the request was not sanitized, a malicious request could include code which, when the dashboard is loaded by an administrator, sends sensitive data, including authentication cookies, to the attacker.
Reducing the risk of attack is simple, as WordPress site owners can easily update the plugin from their WordPress administration dashboard.
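The pattern described above, shown as an added example that is not the plugin's own code: a blocked-request log rendered into an admin table, first without output encoding and then with it. The function names, the log-entry layout and the sample values are all hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not code from the All in One SEO Pack plugin.
// All function names and the log-entry layout are hypothetical.

// Constructed sample: what a bad-bot blocker might record for one blocked request.
$blockedLog = [
    [
        'ip'         => '203.0.113.7',
        'user_agent' => 'BadBot/1.0 <script>/* constructed marker */</script>',
        'referer'    => 'http://example.test/"><b>constructed</b>',
    ],
];

// Unsafe pattern: request data is concatenated into dashboard HTML as-is,
// so markup in a header becomes live markup in the administrator's browser.
function render_row_unsafe(array $entry): string
{
    return '<tr><td>' . $entry['ip'] . '</td><td>' . $entry['user_agent']
         . '</td><td>' . $entry['referer'] . '</td></tr>';
}

// Encode for the HTML context at output time, after dropping control
// characters and capping length so one entry cannot flood the table.
function encode_field(string $value, int $maxLen = 200): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value);
    $value = substr($value, 0, $maxLen);
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_safe(array $entry): string
{
    return '<tr><td>' . encode_field($entry['ip']) . '</td><td>'
         . encode_field($entry['user_agent']) . '</td><td>'
         . encode_field($entry['referer']) . '</td></tr>';
}

foreach ($blockedLog as $entry) {
    echo "unsafe: ", render_row_unsafe($entry), "\n";
    echo "safe:   ", render_row_safe($entry), "\n";
}
```

Inside a WordPress plugin, the core helper `esc_html()` does the HTML-context encoding that `htmlspecialchars()` does here.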
WiredTree is a company specializing in managed hosting solutions. Their services include virtual, hybrid and dedicated web hosting.