Skip to main content
  1. Home
  2. Computing
  3. News

WordPress vulnerability affects millions of sites, and yours could be next

Add as a preferred source on Google

According to a post by the security research team at Sucuri, millions of WordPress websites could be at risk for exploitation thanks to a defect in a popular theme included in the default setup.

The exploit feeds off an XSS vulnerability known as a “DOM-Based XSS,” or Document Object Model. According to the independent vetting agency, DOMs are used to teach a browser how to display headers, images, text, or links that are displayed inside a WordPress loadout theme.

Recommended Videos

The theme (called “Twenty Fifteen” despite the fact that it was released last year), is installed by default in all core builds of the current WordPress distribution, making it an especially large target for any hackers who want to catch the biggest fish they can with the smallest net.

The crack digs its claws in when a site administrator clicks a malicious link either in their email or on a phishing website while logged into WordPress, enabling an automatically scan of the server for a potential hole to get in.

What makes this especially worrisome is the fact that the bug doesn’t need your site to be running a version of Twenty Fifteen for it to be a problem. Because the theme is included in the database of every rollout, it’s automatically a given that you could be hacked.

If you own a WordPress site (regardless of the version installed), you should use the query tool to check and see if you might be vulnerable to an attack.

The larger domain hosts such as GoDaddy and ClickHost have already scrubbed through their subscriber base and removed any traces of the bug, but in case you’re either running an independent server, or your host isn’t listed here, be sure to make the change yourself to immunize you or your users from the threat.

Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
Every app on my phone has decided I need AI, and none of them bothered to ask
AI assistants are invading everything from photo libraries to messaging apps, and dismissing them only seems to guarantee they’ll return later.
Electronics, Phone, Mobile Phone

My wife doesn’t use AI very much. She isn’t philosophically opposed to it, nor is she waiting for the machines to overthrow civilization. She simply opens Google Photos because she wants to look at her photos.

Lately, however, the app keeps greeting her with invitations to try its AI tools. Google would very much like her to search her library conversationally, generate something new, or ask Gemini to edit a photo. She dismisses the prompt, gets on with her life, and eventually meets it again.

Read more
Shopping for Back-to-school? These are the gaming laptops I’d recommend
Powerful enough for AAA games, practical enough for everyday lectures, assignments, and everything in between.
oled gaming laptop

Every gamer knows the pain of trying to do too much with the wrong hardware. Back-to-School is the perfect excuse to fix that. A good gaming laptop shouldn’t just hit high frame rates -- it should also survive endless browser tabs, assignments, coding sessions, video edits, and everything else college throws at it. These five machines strike that balance better than most, which is exactly why they’d be my picks this semester.

Alienware 16 Aurora

Read more
Google’s AI just recreated the best goal ever by Pele that was never actually filmed
My heart is full after watching the clip, and it will bring tears of joy to every true football fan.
Pele footballer.

If you look at the AI landscape, a majority of its usage in the film and television industry has been pretty controversial. Bringing dead actors to life on a screen, using AI to record vintage songs that were never completed, or just using it to film scenes or handle any other part of the creative process — the backlash has been pretty vocal. But there are a few slivers of hopeful AI usage, too, and Google just delivered one of those in a heartwarming fashion using Gemini AI.

I wonder the world never archived

Read more