WordPress bug is putting millions of websites at risk

6 May 2015

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Websites running on WordPress could be at risk of attack

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Millions of websites running on the WordPress content management system are at risk of attack, it has been claimed.

That’s according to security firm Sucuri, which has found that any WordPress plugin or theme that leverages the genericons package – a series of vector icons embedded in a webfont – is vulnerable, including the JetPack plugin, installed on more than 1m sites, and the TwentyFifteen theme, which is installed in all new WordPress blogs by default.

Sucuri advises website moderators using genericons to see if the package includes the ‘example.html’ file and, if it does, to remove it.

If you’re interested in learning the more technical aspects of this issue, it’s described in detail on the Securi blog. It follows the company’s December report that Google had blacklisted more than 11,000 web domains after a Soaksoak.ru malware campaign compromised more than 10,000 WordPress sites.

Securi linked the problem to the Slider issue a few months previous to that, which gave hackers the capability to download files directly from servers which had downloaded the ‘Slider Revolution Premium WordPress Plugin’.

Computer meltdown image via Shutterstock

 

 

66

DAYS

4

HOURS

26

MINUTES

Buy your tickets now!

Dean is a freelance journalist and editor covering media.

editorial@siliconrepublic.com