More XSS Vulnerabilities Found in Wordpress Themes
More XSS Vulnerabilities Found in Wordpress Themes
By: Fahmida Rashid, PC Magazine
Several Wordpress themes have been found to host a cross-site scripting (XSS) vulnerability, according to a professional penetration tester. If you have a WordPress blog and are using one of the affected themes, you need to download the fixed themes and install them to close the XSS flaws.
XSS vulnerabilities can be found in Unite, Salutation, Intersect, and Traject themes from Parallelus, said Janne Ahlberg, a Finnish product security professional and a penetration tester. The themes generally range between $30 and $60 and can be easily found on Themeforest.net, a theme marketplace for Wordpress environments.
If left unpatched, attackers would be able to remotely execute JavaScript code on the site. Within a day of Ahlberg publicizing the issue, Parallelus took action, correcting all issues in the themes. Ahlberg claimed he had originally tried to send a Web form informing the developer about the issues and had gotten no response.
More XSS Vulnerabilities Found in Wordpress Themes
Kaspersky
Related Articles Business News
Kaspersky Lab Joins Forces with Merchant Risk Council to Help Combat eCommerce Fraud
As part of its mission to tackle online fraud, Kaspersky Lab has become the latest company to join forces with the Merchant Risk Council as Premier Solution Provider.Read More >Kaspersky Lab North America Recognized on CRN’s 2018 Security 100 List
Kaspersky Lab North America announced today that CRN®, a brand of The Channel Company, has named Kaspersky Lab to its third annual Security 100 list for endpoint security.Read More >Kaspersky Lab North America Releases its Inaugural Corporate Social Responsibility Report
Woburn, MA – December 19, 2017 – Kaspersky Lab North America today released its inaugural Corporate Social Responsibility Report, profiling the company’s continued commitment to volunteerism and philanthropy in the region over the past 12 months.Read More >