WordPress Akismet XSS Vulnerability

by InMotion Hosting Contributor

0 Minutes, 39 Seconds to Read

CMS
Plugin
Issue
Resolution
WordPressAkismetXSS security vulnerabilityUpgrade Akismet to alteast version 3.1.5 to fix the security flaw

This vulnerability affects everyone using Akismet version 3.1.4 and lower and have the WordPress “Convert emoticons to graphics on display“ option enabled, which is the case by default on any new WordPress installation. The issue can be found in the way Akismet deals with hyperlinks present inside the site’s comments, which could allow an unauthenticated attacker with good knowledge of WordPress internals to insert malicious scripts in the Comment section of the administration panel. Doing this could lead to multiple exploitation scenarios, including a full site compromise. To protect your website against thist exploit please upgrade your Akismet plugin to atleast 3.1.5. For more information from Akismet on this exploit please read their press release.

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting
Related Articles
How to duplicate a WordPress Site for Development and Testing
WordPress – Changing the Site URL and Home Settings
WordPress wp-login.php Brute Force Attack
Prevent Unauthorized WordPress Administrator Login Attempts
WordPress Heartbeat and Heavy admin-ajax.php Usage
Fixing Image Links After a WordPress Migration
How to Install WordPress using Softaculous
Adding HTML to a WordPress Page/Post
How to Move WordPress from a Subfolder to the Root Directory
How to Disable the WP-Cron (wp-cron.php) in WordPress

Was this article helpful? Join the conversation!

WordPress EDU

Need More Help?

Codeable - Hire Expert WordPress Developers

Featured Articles