More XSS Vulnerabilities Found in Wordpress Themes

October 3, 2012

More XSS Vulnerabilities Found in Wordpress Themes

By: Fahmida Rashid, PC Magazine

Several Wordpress themes have been found to host a cross-site scripting (XSS) vulnerability, according to a professional penetration tester. If you have a WordPress blog and are using one of the affected themes, you need to download the fixed themes and install them to close the XSS flaws.

XSS vulnerabilities can be found in Unite, Salutation, Intersect, and Traject themes from Parallelus, said Janne Ahlberg, a Finnish product security professional and a penetration tester. The themes generally range between $30 and $60 and can be easily found on Themeforest.net, a theme marketplace for Wordpress environments.

If left unpatched, attackers would be able to remotely execute JavaScript code on the site. Within a day of Ahlberg publicizing the issue, Parallelus took action, correcting all issues in the themes. Ahlberg claimed he had originally tried to send a Web form informing the developer about the issues and had gotten no response.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

More XSS Vulnerabilities Found in Wordpress Themes

More XSS Vulnerabilities Found in Wordpress Themes

About Kaspersky

Related Articles Press Releases

Kaspersky Lab Joins Forces with Merchant Risk Council to Help Combat eCommerce Fraud

Kaspersky Lab North America Recognized on CRN’s 2018 Security 100 List

Kaspersky Lab North America Releases its Inaugural Corporate Social Responsibility Report

Kaspersky Lab Appeals U.S. Department of Homeland Security Debarment

Poor Security Practices put Cloud-Driven Business Growth and Cost Savings at Risk

Kaspersky Lab Story of the Year 2017: More Than One Quarter of Ransomware Attacks Target Businesses

Kaspersky Lab Survey: IT Security Experts Uncertain on How to Combat Targeted Attacks

Kaspersky Lab Creates Pop-Up Shop Experience Using New Currency to Showcase the Value of Personal Data

Kaspersky Lab Enters Endpoint Detection and Response Market with New Solution

Kaspersky Lab North America Champions National Cyber Security Awareness Month 2017