Millions of WordPress sites have been left vulnerable by a scripting flaw found in two popular plugins, one of which is present in the default installation of the blogging platform, reports Computer World.
The two plugins are JetPack and Twenty Fifteen; the former is a customization and performance tool, and the latter is a theme designed to allow infinite scrolling. Twenty Fifteen is installed into new WordPress sites by default, multiplying the number of potential targets.
The vulnerability is said to be easy for cybercriminals to exploit, but also simple to fix. WordPress users should remove the genericons/example.html file immediately to ensure the safety of their sites.
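For an administrator with many installations under one web root, the removal described above can be scripted. The following is an added example, not code from the original article or from WordPress; the function names and the directory layout built by `make_demo_tree` are constructed for illustration, and only the `genericons/example.html` file name comes from the article.

```shell
#!/bin/sh
# Added example: locate and remove genericons/example.html under a web root.

# List every genericons/example.html below the given directory,
# wherever a theme or plugin has bundled its own genericons folder.
find_genericons_example() {
    find "$1" -type f -path '*/genericons/example.html' -print
}

# Remove each match, print the paths that were removed, and return
# non-zero if any copy is still present afterwards.
remove_genericons_example() {
    find "$1" -type f -path '*/genericons/example.html' \
        -exec rm -f -- {} \; -print
    [ -z "$(find_genericons_example "$1")" ]
}

# Constructed sample tree (assumed layout, real installs may nest differently):
# two sites with a bundled copy each, plus files that must NOT be touched.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/site1/wp-content/themes/twentyfifteen/genericons" \
             "$root/site2/wp-content/plugins/jetpack/genericons" \
             "$root/site2/docs"
    printf 'demo\n' > "$root/site1/wp-content/themes/twentyfifteen/genericons/example.html"
    printf 'demo\n' > "$root/site1/wp-content/themes/twentyfifteen/genericons/genericons.css"
    printf 'demo\n' > "$root/site2/wp-content/plugins/jetpack/genericons/example.html"
    printf 'demo\n' > "$root/site2/docs/example.html"   # unrelated file, different folder
    printf '%s\n' "$root"
}

# Demo run against the constructed tree.
demo_root=$(make_demo_tree)
echo "Found:";   find_genericons_example "$demo_root"
echo "Removed:"; remove_genericons_example "$demo_root"
rm -rf "$demo_root"
```

Run `find_genericons_example` on its own first to review the matches before deleting anything; the font and stylesheet files in the same folder are left in place.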
According to PC World, a number of hosting sites have already taken steps to patch the problem, including GoDaddy, DreamHost and ClickHost.
WordPress claims to run around 23 per cent of websites on the internet, so it will hope to fix these flaws as quickly and as efficiently as possible.
by Kyle Ellison, ESET