Security Update for loophole hit 300,000 WordPress site

May

4

2016

Declared site Sucuri specialist in the security of Web applications and protect the discovery of a security vulnerability of the type of XSS add bbPress own blogging platform WordPress WordPress.

It uses this add more than 300 thousand web site is highlighted by the Special platform blogging WordPress.org technical support forum, was the discovery of the gap for the first time on April 12 / May last, was reported to the team bbPress, that was released a security update to close on May 2 / May.

And targeted a gap copy bbPress 2.5.8 and the last one, it can be this kind of gaps Almhalbn of implant malicious software code can have access to user accounts and control.

Technical details of the loophole bbPress
The gap to exploit a software function Function in the addendum and important this function is to convert the code mentions references to links Hyperlinks. However, if a user sends Hyperlink Link contains a reference to a user, the final link will be damaged due to the presence of more than double quotation mark, and thus allow the user to embed any software from malicious code can access the target user’s account.

Developers are advised bbPress users who use the addendum to verify the update to the version number 2.5.9 , which was launched yesterday.

Viewing:-92

In: Technology & Gadgets Asked By: [15197 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »