
WordPress vulnerability affects millions of sites, and yours could be next

Image Credit: WordPress
According to a post by the security research team at Sucuri, millions of WordPress websites are exposed to a flaw in a popular theme that ships with the default installation.

The bug is a cross-site scripting (XSS) flaw of the kind known as “DOM-based XSS.” DOM stands for Document Object Model, the in-memory tree of headers, images, text, and links that the browser builds from a page and that the page’s own JavaScript reads and modifies. In a DOM-based XSS, that script takes attacker-controlled input, typically from the page’s URL, and writes it into the tree in a way the browser interprets as HTML or script, so the injection happens entirely inside the browser rather than in the server’s response.

The theme (called “Twenty Fifteen,” despite having been released last year) ships by default with every core build of the current WordPress release, which makes it an especially large target for attackers who want to catch the biggest fish they can with the smallest net.

The attack begins when a site administrator, while logged into WordPress, clicks a malicious link in an email or on a phishing page. The link carries the payload, and the vulnerable page’s own script runs it in the administrator’s browser with the administrator’s logged-in session, so it can act on the site with that administrator’s privileges.
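To make the mechanism concrete, here is a small added example of the bug class the article describes. It is not code from the article, from Sucuri’s post, or from the theme itself: the page name, the theme path, the “Selected:” feature, and the payload are all assumptions made for illustration, and the fake element stands in for a real DOM so the snippet runs under Node without a browser.

```javascript
// Added example, not code from the article or from Sucuri's post: a minimal
// model of a DOM-based XSS. The page's own script copies attacker-controlled
// input from the URL fragment (the "source") into a sink that parses HTML.
// Page name, theme path, feature and payload are assumptions for illustration.

// Stand-in for a DOM element so the example runs under Node without a browser
// (constructed for this example). Only the two sinks that matter are modelled.
class FakeElement {
  constructor() { this.html = ''; }
  // innerHTML: the browser parses the string as markup, so tags become nodes.
  set innerHTML(value) { this.html = value; }
  get innerHTML() { return this.html; }
  // textContent: the string is stored as text; '<' is a character, not a tag.
  set textContent(value) { this.html = escapeHtml(value); }
}

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Would the browser create a script-capable node from this element's markup?
// A <script> element or an on* event-handler attribute inside a tag both count.
function wouldExecuteScript(el) {
  return /<script\b|<[a-z][^>]*\son[a-z]+\s*=/i.test(el.innerHTML);
}

// Source: the part of the URL after '#'. The browser never sends it to the server.
function fragmentOf(url) {
  return decodeURIComponent(new URL(url).hash.slice(1));
}

// Vulnerable pattern: a demo page that shows which item the fragment names.
function renderSelectionVulnerable(url, el) {
  el.innerHTML = '<p>Selected: ' + fragmentOf(url) + '</p>'; // HTML sink
  return el;
}

// Hardened pattern: same feature, text sink. Markup in the fragment stays inert.
function renderSelectionFixed(url, el) {
  el.textContent = 'Selected: ' + fragmentOf(url);
  return el;
}

// What a server, WAF or access log sees of the same URL: path and query only.
function serverSidePath(url) {
  const u = new URL(url);
  return u.pathname + u.search;
}

// Constructed URLs (assumed site and path): one benign, one carrying a payload
// in the fragment, the shape of link an administrator might be tricked into clicking.
const BENIGN_URL = 'https://victim.example/wp-content/themes/demo/page.html#search';
const ATTACK_URL = 'https://victim.example/wp-content/themes/demo/page.html' +
  '#<img src=x onerror=alert(document.cookie)>';
```

Two things worth noting. The fix is not to “filter” the fragment but to stop treating it as HTML: writing it through `textContent` (or any text node API) keeps the same feature and removes the sink. And because the fragment after `#` is never transmitted, `serverSidePath` shows why a server-side WAF or access log cannot see this attack at all; detection has to happen in the browser or in the page’s own code.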

What makes this especially worrisome is that your site does not need to be using Twenty Fifteen as its active theme for the bug to matter. The theme’s files ship with every default installation and stay on disk even when another theme is active, so the vulnerable page can still be reached by its URL on a site that has never switched the theme on.

If you own a WordPress site, regardless of which version is installed, use the query tool linked from Sucuri’s post to check whether you are exposed.

Larger hosts such as GoDaddy and ClickHost have already swept their customer sites and removed the vulnerable files, but if you run your own server, or your host is not among those listed, apply the fix yourself by updating WordPress so the patched copy of the theme replaces the vulnerable one, and protect both yourself and your users from the threat.

Chris Stobing
Former Digital Trends Contributor