There's a new vulnerability in WordPress.
The vulnerability was discovered by Jouko Pynnönen of Klikki Oy.
The WordPress team has released an update to fix it.
Update your WordPress immediately!
If your WordPress site allows users to post comments via the WordPress commenting system, you're at risk. An attacker could leverage a bug in the way comments are stored in the site's database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert a backdoor in the site's code if the script runs in a logged-in administrator's browser.
Read more at https://blog.sucuri.net/2015/04/critical-persistent-xss-0day-in-wordpress.html
Since a lot of people are using WP-Super-Cache, we would like to advise our clients that WP-Super-Cache has a recently discovered vulnerability.
Security Risk: Dangerous
Exploitation level: Very Easy/Remote
DREAD Score: 8/10
Vulnerability: Persistent XSS
Patched Version: 1.4.4
WordPress is the most used CMS for blogging and other purposes.
It has an infinite number of plugins developed with love, but some of them can hurt your website's performance, SEO, security, etc.
These plugins generate a huge amount of database reads and writes.
They create a negative impact on your website’s performance and also affect your SEO.
You can use any service that records and stores your stats off site.
Like stats plugins, these plugins generate a huge amount of database reads and writes; besides that, they usually use inefficient queries, poor caching, or scale poorly on large sites.
Any service that handles the relationship logic off-site like
These plugins have associated security issues.
These plugins don't perform well, especially on large sites.
- This can cause performance issues. There are no recommended alternatives at this time.
A security researcher from Salesforce.com's product security team, Nir Goldshlager (Twitter, blog), has discovered an XML vulnerability that impacts the popular website platforms WordPress and Drupal.
We strongly encourage you to update your WordPress installations immediately.