The Latest in IT Security

WordPress Premium Theme XSS Vulnerability

03 Oct 2012

On Tuesday, we shared a rather silly video which made a serious point about the need to keep websites secure.

Unfortunately, limiting potential website vulnerabilities is not exactly intuitive. There’s always additional stuff one needs to consider.

For example, let’s take the very popular WordPress(.org) publishing platform. WordPress itself does a pretty good job when it comes to maintaining its security. Unfortunately, the same cannot be said for everybody that runs WordPress websites. Many website admins allow their WordPress installations to fall out of date, and there are numerous compromised WordPress sites online as a result.

But even those admins that do keep their platform up to date still have things to worry about, such as themes.

Product security professional and pentester, Janne Ahlberg, has discovered several WordPress themes by Parallelus that are affected by a reflected cross-site scripting (XSS) vulnerability.

Here’s a screenshot of the XSS vulnerability demonstrated with the Unite theme:

[Screenshot: Para.llel.us Unite theme]

Based on Ahlberg’s tests, the XSS vulnerability can be used to execute remote JavaScript. Affected sites include personal blogs, but also corporate websites. You can read more information on his blog: Janne’s corner.

And for more information on securing your WordPress installation, see this article: Hardening WordPress.
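The class of bug behind a reflected XSS in a theme is usually a template that echoes a request parameter straight into the page. The following is an added illustration, not code from the Parallelus themes or from Ahlberg’s write-up; it shows that pattern in a hypothetical theme template next to the form that uses WordPress’s own escaping helpers.

```php
<?php
// Hypothetical theme template fragment (not the real theme's code).
// It echoes the search term the visitor supplied in the URL, e.g. ?s=...

// VULNERABLE pattern: the raw request value lands inside HTML unescaped,
// so any markup or script in the parameter is rendered by the browser
// of whoever follows a crafted link (reflected XSS).
function theme_demo_vulnerable_heading() {
    $term = isset( $_GET['s'] ) ? $_GET['s'] : '';
    return '<h2>Search results for: ' . $term . '</h2>';
}

// HARDENED pattern: escape for the output context at the point of output.
// esc_html() for text between tags, esc_attr() inside attribute values,
// esc_url() for href/src. wp_unslash() removes WordPress's added slashes first.
function theme_demo_safe_heading() {
    $term = isset( $_GET['s'] ) ? wp_unslash( $_GET['s'] ) : '';
    return '<h2>Search results for: ' . esc_html( $term ) . '</h2>';
}

function theme_demo_safe_input() {
    $term = isset( $_GET['s'] ) ? wp_unslash( $_GET['s'] ) : '';
    return '<input type="text" name="s" value="' . esc_attr( $term ) . '">';
}

// For the search term specifically, WordPress already provides
// get_search_query(), which returns the value escaped by default.
function theme_demo_safe_heading_core() {
    return '<h2>Search results for: ' . get_search_query() . '</h2>';
}
```

When reviewing a third-party theme, grep its templates for `$_GET`, `$_REQUEST`, `$_SERVER['REQUEST_URI']` and `$_SERVER['PHP_SELF']` being echoed without one of the `esc_*` helpers; that is where reflected XSS of this kind tends to live.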
