If you use WP-Super-Cache on WordPress upgrade immediately

 

As many as a million websites could be imperiled by a critical vulnerability recently discovered in WP-Super-Cache. The persistent cross-site scripting bug allows attackers to insert malicious code into WordPress-published pages that use the extension, according to a blog post published Tuesday by security firm Sucuri. Anyone who relies on the plug in should immediately upgrade to version 1.4.4, which has fixes for that bug and several others.

"Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc."

Info: http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
Upgrade from your dashboard or: https://wordpress.org/plugins/wp-super-cache/

Check this out on Google+

facebooktwittergoogle_plusredditpinterestlinkedin

Warren Buffett: Citizens United Pushes U.S. Toward a Plutocracy

"With Citizens United and other decisions that enable the rich to contribute really unlimited amounts, that actually tilts the balance even more toward the ultra-rich…The unlimited giving to parties, to candidates, really pushes us more toward a plutocracy. They say it’s free speech, but somebody can speak 20 or 30 million times and my cleaning lady can’t speak at all."

Check this out on Google+

facebooktwittergoogle_plusredditpinterestlinkedin