Learn the impact to your business
Earlier this summer, we posted information about a security flaw that threatened millions of websites through two popular content management systems (CMS), WordPress and Drupal.
At the time, both WordPress and Drupal released updates to address this concern. Unfortunately, new security threats continue to surface given the recent release of WordPress 4.0.1. The release notes issued by the WordPress team fixed a number of serious vulnerabilities, including several critical cross-site scripting vulnerabilities.
Cross-site scripting (XSS) is a type of web application security vulnerability that allows hackers to inject malicious scripts into otherwise benign and trusted web sites. Why is this dangerous? Once the content is placed into a dynamic web page, it can be impossible to identify and will be executed because it will be assumed to be from a trusted source by your browser. This gives hackers the perfect opportunity to steal cookies and session tokens, execute trojans and malware, and potentially compromise private information such as credit cards and Social Security information.
Given that 86 percent of WordPress sites are still running vulnerable versions, IT Security teams must heighten their awareness of cross-site scripting (XSS) vulnerabilities, one of the most common application layer hacking techniques. Be sure your security team routinely monitors to ensure the latest updates are always applied: https://wordpress.org/download/
Skoda Minotti’s Risk Advisory Services group can help assess your website, web or mobile application, and/or network’s security posture to identify significant issues before they become problems.