According to a post by the security research team at Sucuri, millions of WordPress websites could be at risk of exploitation because of a flaw in a popular theme that ships with the default install.
The flaw is a cross-site scripting (XSS) bug of the kind known as “DOM-based XSS.” The DOM, or Document Object Model, is the browser’s in-memory representation of a page: the tree of headers, images, text and links that scripts read and modify after the page loads. In a DOM-based XSS the injection never passes through the server; a script already on the page takes attacker-controlled input from the URL (typically the fragment after “#”) and writes it into the page as markup, so the attacker’s JavaScript runs in the visitor’s browser under the site’s origin.
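To make the mechanism concrete, here is an added illustration of the DOM-based XSS pattern described above. It is example code written for this article, not the code from the Twenty Fifteen theme or from Sucuri’s post; the page name, the hostname `victim.example` and the payload are constructed for the demonstration. It models the classic source (`location.hash`) and sink (`innerHTML`) as plain functions so it runs under Node without a browser, and sets the vulnerable rendering next to the hardened one:

```javascript
// Added illustration of DOM-based XSS (not code from the Twenty Fifteen theme).
// Source: the URL fragment (location.hash). Sink: an innerHTML assignment.
// The render functions return the HTML string that a page script would
// assign to an element, so the behaviour can be checked without a browser.

// Many page scripts decode the fragment before using it; a malformed
// percent-sequence would throw, so fall back to the raw value.
function decodeFragment(hash) {
  const raw = hash.replace(/^#/, "");
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw;
  }
}

// VULNERABLE: the fragment is concatenated straight into markup, which is
// what `el.innerHTML = "<h1>" + heading + "</h1>"` does in a real page.
function renderUnsafe(hash) {
  const heading = decodeFragment(hash);
  return "<h1>" + heading + "</h1>";
}

// Escape the five characters that let text break out of an HTML text node
// or attribute. Assigning to `el.textContent` instead of innerHTML has the
// same effect in a browser.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// HARDENED: the same data path, but the untrusted value is treated as text.
function renderSafe(hash) {
  const heading = decodeFragment(hash);
  return "<h1>" + escapeHtml(heading) + "</h1>";
}

// Constructed payload: an image that fails to load and runs its onerror
// handler. In a real attack the handler runs with the victim's session, i.e.
// as the logged-in administrator who clicked the link.
const PAYLOAD_HASH = '#<img src=x onerror="alert(document.cookie)">';

// Constructed attacker link (hostname and path are made up for the example).
const CRAFTED_LINK = "https://victim.example/page.html" + encodeURI(PAYLOAD_HASH);

// What the victim's browser hands to the page script as location.hash.
function hashFromLink(link) {
  return new URL(link).hash;
}

// What the web server actually receives: path and query only. The fragment
// is never transmitted, so it is absent from access logs and invisible to a
// server-side WAF. That is the defining property of DOM-based XSS.
function serverVisibleRequest(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Stand-alone run for the reader.
if (typeof require !== "undefined" && require.main === module) {
  const hash = hashFromLink(CRAFTED_LINK);
  console.log("server sees :", serverVisibleRequest(CRAFTED_LINK));
  console.log("script sees :", hash);
  console.log("unsafe page :", renderUnsafe(hash));
  console.log("safe page   :", renderSafe(hash));
}
```

Run it with `node` and compare the two rendered strings: the unsafe version emits the `<img>` tag intact, so a browser would execute the `onerror` handler, while the safe version turns it into inert text. Note also that the server-side view of the request contains nothing suspicious, which is why host-level log review will not catch attacks of this class.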
The theme (called “Twenty Fifteen” even though it was released last year) is bundled with every current WordPress release, making it an especially large target for any attacker who wants to catch the biggest fish they can with the smallest net.
The attack is triggered when a site administrator, while logged into WordPress, clicks a crafted link in an email or on a phishing page. The link points at the site itself, so the injected script runs in the administrator’s browser under the site’s origin and can perform any action the logged-in administrator could.
What makes this especially worrisome is that your site does not have to be using Twenty Fifteen for it to be a problem. The vulnerable code lives in a file inside the theme directory, and because the theme is shipped with every install it is present on disk whether or not it is the active theme, so any site that has not removed or patched it can be attacked.
If you own a WordPress site, whatever version you are running, use the query tool to check whether you are vulnerable.
Larger hosting providers such as GoDaddy and ClickHost have already gone through their customer base and patched affected installs, but if you run your own server, or your host is not among those that have done so, apply the fix yourself (update WordPress to the current patched release) to protect you and your users from the threat.