WordPress XSS vulnerability

Vulnerabilities in WordPress themes and plug-ins affect millions of WordPress users

Published on 7th May 2015

Two major vulnerabilities have been found in WordPress that would allow an attacker to compromise your site. We recommend that all WordPress users urgently upgrade their installations to the latest version, 4.22, which has been issued to patch these problems. You can do that by going to 'Dashboard' => 'Updates' and clicking "Update Now".

The first vulnerability has been found in the JetPack plugin and in the Twenty Fifteen theme, which is included by default in many WordPress installations.

Sucuri explains that...

"Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million active installs) and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count is difficult to grasp, but both the plugin and theme are default installs in millions of WordPress installs. The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package."
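As an added check that is not part of the original post, Sucuri's advisory, or WordPress's own tooling: a POSIX shell script that reports the installed WordPress version and lists every example.html bundled inside a genericons directory under wp-content, so a site owner can confirm whether the file Sucuri names as the source of the DOM-based XSS is present. It assumes the standard WordPress layout (wp-content for themes and plugins, and the `$wp_version = '...';` line in wp-includes/version.php).

```shell
#!/bin/sh
# Constructed check; not code from the advisory, WordPress or Sucuri.
# Usage: check_wordpress_root /path/to/wordpress

# Print the version string from wp-includes/version.php (assumed
# standard layout: a line of the form  $wp_version = '4.2.1';  ).
wordpress_version() {
    version_file="$1/wp-includes/version.php"
    [ -f "$version_file" ] || return 2
    # '.' matches the leading '$' and the quotes, avoiding BRE escaping.
    sed -n "s/^.wp_version = .\([0-9.]*\).;.*/\1/p" "$version_file"
}

# List every example.html that sits directly inside a genericons
# directory, wherever a theme or plugin bundled the package.
find_genericons_example() {
    content_dir="$1/wp-content"
    if [ ! -d "$content_dir" ]; then
        echo "no wp-content directory under $1" >&2
        return 2
    fi
    find "$content_dir" -type f -path '*/genericons/example.html' | sort
}

# Exit status 0 when at least one copy is present, 1 when clean.
genericons_example_present() {
    count=$(find_genericons_example "$1" | wc -l)
    [ "$count" -gt 0 ]
}

# Human-readable report; returns 1 if the vulnerable file is present
# so the check can be used from cron or a deployment script.
check_wordpress_root() {
    echo "WordPress version: $(wordpress_version "$1" || echo unknown)"
    if genericons_example_present "$1"; then
        echo "genericons example.html found (remove or update):"
        find_genericons_example "$1"
        return 1
    fi
    echo "no genericons example.html under $1/wp-content"
    return 0
}

if [ "$#" -ge 1 ]; then
    check_wordpress_root "$1"
fi
```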

A second vulnerability, discovered by WordPress, would enable a commenter to compromise a site. Again, this is patched in the latest version, which we recommend you install now.

WordPress has published more information on its blog.
