According to a post by the research team at Sucuri Security, millions of WordPress sites could be at risk because of a flaw in a popular theme that is included in the default configuration.
The flaw is a cross-site scripting (XSS) vulnerability of the type known as "DOM-based XSS", where DOM stands for Document Object Model. According to the researchers, the DOM tells the browser how to display the headers, images, text and links inside a loaded WordPress theme.
The theme, named Twenty Fifteen, is installed by default for everyone who has WordPress, which makes it an especially attractive target for attackers who want to catch the biggest fish.
The flaw is amplified when a site administrator clicks a malicious link, either in an email or on a phishing site, while logged in to WordPress, potentially allowing an attacker into the server.
The Twenty Fifteen theme needs to be updated
What makes it even more worrying is that the bug does not require your site to be running Twenty Fifteen. Since the theme is included in every deployment, you might be hacked immediately.
If you have a WordPress site (regardless of the installed version), you must use the query tool to check whether you might be vulnerable to attack.
Make sure you update the theme to be protected against the threat.
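Because the theme is a risk even when it is not the active one, a useful first step is an inventory of every copy on disk. The script below is an added example, not part of the original article or any Sucuri tool. It assumes the standard WordPress layout (`wp-content/themes/twentyfifteen/style.css`) and only reports each copy and its version; the article gives no fixed version number, so it does not judge whether a copy is vulnerable.

```bash
#!/bin/sh
# Added example: inventory every on-disk copy of the Twenty Fifteen theme,
# whether or not it is the active theme.
# Assumption: standard layout <site>/wp-content/themes/twentyfifteen/style.css

# Print "<theme dir><TAB><version>" for each copy found under the given root.
find_twentyfifteen() {
    root="$1"
    find "$root" -type d -path '*/wp-content/themes/twentyfifteen' 2>/dev/null | sort |
    while IFS= read -r dir; do
        version="unknown"
        if [ -f "$dir/style.css" ]; then
            # The theme header comment in style.css carries a "Version: x.y" line.
            version=$(sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([^[:space:]]*\).*$/\1/p' \
                "$dir/style.css" | head -n 1)
            [ -n "$version" ] || version="unknown"
        fi
        printf '%s\t%s\n' "$dir" "$version"
    done
}

# When a web root is given on the command line, scan it (e.g. sh scan.sh /var/www).
[ "$#" -eq 0 ] || find_twentyfifteen "$1"
```

Compare the reported versions with the current theme release shown in the WordPress dashboard, and update or delete any copy that is behind.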