Information Security Professionals Release Update to Mitigate WordPress Author Vulnerability
By: EC-Council

Recently, information security researchers identified vulnerabilities in the WordPress publishing platform. The vulnerability could have allowed contributors with malicious intentions to gain additional privileges on the website. The vulnerability has been identified as a cross-site scripting issue in the request file system credentials function. A cross-site scripting weakness was also identified in the plugin deletion process. Generally, information security researchers use ethical hacking to identify vulnerabilities. In this case, a Russian-based researcher is credited with identifying the vulnerability.

In response to the moderate-risk vulnerability, information security professionals have released WordPress 3.0.2 as an update to the existing version. The new version fixes the cross-site scripting vulnerability. The security update also fixes a vulnerability that allowed comment spammers to circumvent a feature that limits the number of trackbacks and pingbacks.

In recent times, WordPress has faced repeated attacks by hackers. In 2009, attackers tried to gain administrative privileges by cracking administrative passwords. In early 2010, hackers redirected servers of a network company using the WordPress platform to a malicious webpage. Websites are frequent targets of cross-site scripting, SQL injection and iframe injection attacks. Some of the measures to control web-based attacks include the use of strong passwords, multi-factor authentication and adequate input and output validation.

# # #

iClass is EC-Council's online training delivery platform. Students can attend live or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI). The iClass program was designed with the IT security professional's busy schedule in mind; choose from courses on iPads, iPods, Netbooks or simply train via streaming video! http://iclass.eccouncil.org/