Cloudlin wrote:That's messed up :S Good thing I don't use WordPress
CyberFreak wrote:Nimo, I would also update your plugins while you are at it. I can see at least 1 out-of-date plugin that you are using.
CyberFreak wrote:Look behind you
Nimo wrote:If so, how could he know about my site's plugins?
He doesn't have dashboard access in my site
Boo!
Only joking. There are a few ways to see what plugins and versions users are running. Sometimes by just looking at the site you can work out what plugins they are using and the version (either roughly or exactly) by the features/appearance of the plugin.
In this case, I viewed the source of your homepage in my browser and it contained some information about 1 plugin that caught my attention.
Code:
<!-- This site is optimized with the Yoast WordPress SEO plugin v1.6.3 - https://yoast.com/wordpress/plugins/seo/ -->
It shows the plugin you use and the version. That isn't really a problem if it is up to date but it isn't.
https://wordpress.org/plugins/wordpress-seo/changelog/
Shows the latest version as being 2.1.1. The version you are using is like 11 versions out of date. The changelog also states some security fixes were made in some of those versions so really you need to update and soon.
See... Nothing malicious. Just using my web browser and publicly available information provided by your site. Something that even the dumbest script kiddie could do.
Update!!!!!! Update!!!!!! Update!!!!!!!!
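A site owner can run the same check against their own pages. The following is an added example, not part of the original thread: it collects the HTML comments in a page and flags version banners older than a known latest release. The function names, the sample page and the LATEST table are assumptions; the banner line and the 2.1.1 figure are taken from the post above.

```python
import re
from html.parser import HTMLParser

# Matches a version token such as "v1.6.3" or "2.1.1" inside a comment.
VERSION_RE = re.compile(r"\bv?(\d+(?:\.\d+)+)\b")


class CommentCollector(HTMLParser):
    """Collects the text of every HTML comment in a page."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def parse_version(text):
    """'1.6.3' -> (1, 6, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def audit_banners(html, latest):
    """Return (phrase, seen, newest, outdated) per comment naming a known plugin."""
    collector = CommentCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for comment in collector.comments:
        match = VERSION_RE.search(comment)
        if not match:
            continue  # comment carries no version string
        for phrase, newest in latest.items():
            if phrase.lower() in comment.lower():
                outdated = parse_version(match.group(1)) < parse_version(newest)
                findings.append((phrase, match.group(1), newest, outdated))
    return findings


# Constructed sample page; the banner line is the one quoted in the post above.
SAMPLE_HTML = """<html><head><title>Example</title>
<!-- This site is optimized with the Yoast WordPress SEO plugin v1.6.3 - https://yoast.com/wordpress/plugins/seo/ -->
<!-- theme build notes, no version here -->
</head><body>Hello</body></html>"""

# Hypothetical lookup table: phrase to search for -> latest release (2.1.1 per the post).
LATEST = {"Yoast WordPress SEO": "2.1.1"}
```

Calling `audit_banners(SAMPLE_HTML, LATEST)` returns one finding for the Yoast banner with the outdated flag set; a banner that is already at the latest version is reported with the flag cleared.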
paulojunior85 wrote:The problem affects the theme TwentyFifteen, installed by default, and the Jetpack plugin, which has more than one million installations.
At issue is the WordPress "genericons" package, something that WordPress add-ons use and that comes with an unsafe file, leaving the site open to cross-site scripting vulnerabilities. If a hacker manages to deceive a user into clicking a malicious link, he can acquire full control of said user's site.
Fortunately, the fix for the problem is simple: just remove the genericons file "example.html" from any instance in your WordPress.