Website Hosting for Just 20 ForumCoin ~ Advertise on ForumCoin
52 Life Tips Banner
Webmaster forum. Website development, design & management. Graphic design. Blog / Forum Set-up, Management, Admin & News

Re: Wordpress Vulnerability

Postby paulojunior85 » 15 May 2015, 19:56

halcyon220 wrote:
paulojunior85 wrote:The problem affects the theme TwentyFifteen, installed by default, and the Jetpack plugin, which has more than one million installations.
In focus is the package "genericons" WordPress, something that WordPress add-ons use and comes with an unsafe file, leaving the site open to cross-site scripting vulnerabilities. If a hacker get deceive a user and do you click on a malicious link, he can acquire full control of said user site.

Fortunately, the fix for the problem is simple: just remove the file "example.html" genericons of any instance in your WordPress.


how do you know this?


I have a friend that knows a lot about computer, wordpress and many things and one day he said about this.
  • 0

User avatar
paulojunior85
 
Posts: 2,042
Referrals: 266
ForumCoin: 116

Re: Wordpress Vulnerability

Postby nejnej25 » 19 May 2015, 03:22

This is something new to me. Thanks for this. I will remember this. Thumbs up.
  • 0

User avatar
nejnej25
 
Posts: 507
Referrals: 2
ForumCoin: 132

Re: Wordpress Vulnerability

Postby salah29 » 20 May 2015, 14:03

Wow ; that's strang ,
Wordpress are send new update to fix this bug ;
  • 0

salah29
 
Posts: 117
Referrals: 1
ForumCoin: 17

Re: Wordpress Vulnerability

Postby loudawg » 20 May 2015, 14:14

WordPress will always have its holes sadly due to how popular it is. I can't stress enough tho how important it is to make sure wordpress and its plugins are always updated! Many of the old versions are still used with flaws allowing easy access.
  • 0

User avatar
loudawg
Banned
 
Posts: 576
Location: Sunny Scotland
ForumCoin: 250

Re: Wordpress Vulnerability

Postby ruben718 » 22 May 2015, 20:11

I prefer wordpress with vulnerable or not, already installed a patch that corrects this mistake! But I will use new tools identical to the web such as drupal, joomla, etc.
  • 0

ruben718
 
Posts: 101
ForumCoin: 8

Re: Wordpress Vulnerability

Postby thisnthat » 22 May 2015, 21:38

My wordpress gets updated automatically. My plug ins don't. I guess that's something that I need to be more mindful of. I heard about the vulnerabilities recently. I then noticed that (one of my) plugins had prevented malicious log ins. I never had issues with malicious logins before this.
  • 0

User avatar
thisnthat
 
Posts: 5,538
Referrals: 1
ForumCoin: 383

Re: Wordpress Vulnerability

Postby LShun » 23 May 2015, 01:21

I agree, that's the reason most people head for the .com version because its less technical and require less maintenance.
  • 0

User avatar
LShun
 
Posts: 747
Referrals: 8
ForumCoin: 140

Re: Wordpress Vulnerability

Postby frankydoodle » 13 Jun 2015, 21:40

The wordpress website should take action on this. Many bloggers and even online earners are at risk of this security vulnerability. Security is really an illusion these days. Let us always be cautious and careful with the websites we are using.
  • 0

frankydoodle
Banned
 
Posts: 85
ForumCoin: 430

Re: Wordpress Vulnerability

Postby walash » 15 Jun 2015, 04:34

My side project blog was hacked through this. They actually injected some malwares into my files and my page got blacklisted... this sucks.
  • 0

User avatar
walash
 
Posts: 307
Referrals: 1
ForumCoin: 415

Re: Wordpress Vulnerability

Postby fab » 15 Jun 2015, 08:51

is good to know , I used the wp a long time , and I was wanting to open a new blog , I'll be on it
  • 0

User avatar
fab
 
Posts: 1,304
ForumCoin: 0

Re: Wordpress Vulnerability

Postby ripadas » 15 Jun 2015, 12:08

I never had problems with wordpress CMS and only become vulnerable if we want to ...
  • 0

User avatar
ripadas
 
Posts: 444
Location: Portugal
Referrals: 3
ForumCoin: 66

Re: Wordpress Vulnerability

Postby Allius » 15 Jun 2015, 15:06

I'm glad you put this information here. It's just that I was considering creating my website / blog with wordpress ... I think I gave up to consider it!
  • 0

User avatar
Allius
 
Posts: 2,475
ForumCoin: 155

Re: Wordpress Vulnerability

Postby Hugop » 15 Jun 2015, 17:40

Thanks for the sharing, I will update my wordpress sites made in 2011 :)
  • 0

User avatar
Hugop
 
Posts: 774
Location: Luxembourg
Referrals: 4
ForumCoin: 1

Re: Wordpress Vulnerability

Postby sakithanavod » 15 Jun 2015, 18:00

That's worst thing that can happen to a blogger! If you are using a free wordpress blog it always can happen.Because, you can't use any protection plugin to secure site if you are using free wordpress blog.
  • 0

User avatar
sakithanavod
 
Posts: 137
Referrals: 1
ForumCoin: 43

Re: Wordpress Vulnerability

Postby fabiof00 » 15 Jun 2015, 19:50

Thanks for finding this issue and warning us!

A question though:
Has it been considered to fix this in the functions mentioned themselves?
If you would filter the input within the functions, then all plugins would be safe with the update of WP without the need to fix each plugin individually.
An argument as to that it would cost too much resources doesn't hold as the filter has to be executed nonetheless.

Any remarks?
  • 0

fabiof00
 
Posts: 221
Location: Setúbal, Portugal
ForumCoin: 17

Re: Wordpress Vulnerability

Postby silverleafy » 15 Jun 2015, 19:57

for me wordpress wotked pretty fine until now :D
  • 0

User avatar
silverleafy
 
Posts: 602
ForumCoin: 0

Re: Wordpress Vulnerability

Postby kat82 » 27 Aug 2023, 13:22

There is the trick I use on my WordPress. I use a fake nickname where all hackers will miss it since it's known only to me unless someone accesses my FTP. If you use known login names like admin, etc, chances are that your site will be exploited by hackers intending to do whatever they want.
  • 0

User avatar
kat82
 
Posts: 4,311
Location: Kampala, Uganda
Referrals: 70
ForumCoin: 1,002

Re: Wordpress Vulnerability

Postby mrki444 » 27 Aug 2023, 15:23

There is less vuneralbilites in Wordpress than in Wordpress plugins. Plugins are often hackers target. Latest big, popular plugin with zero day vunerability was Ultimate Member. One the most popular plugins for user managment.
  • 0

mrki444
 
Posts: 29,564
Location: Croatia
Referrals: 1
ForumCoin: 1,193

Re: Wordpress Vulnerability

Postby Mika » 06 Sep 2023, 12:00

I never have had any issues with wordpress. If you implement things like, using light weight themes, limiting plugin usage and using SSL, wordpress is perfect
  • 0

User avatar
Mika
 
Posts: 8,084
ForumCoin: 916

Previous


Your Ad Here.

Return to Webmaster Questions, Discussion & News



Who is online

Users browsing this forum: Claude [Bot], Google [Bot] and 9 guests

Reputation System ©'