Home · Security

Comments considered harmful: WordPress web hijack bug revealed

A frustrated Finnish security researcher has gone public with a vulnerability in WordPress that lets attackers hijack website admin accounts.

The flaw was found by Jouko Pynnönen, and is a cross-site scripting (XSS) bug similar to one patched last week. It is buried within the widely used web publishing software's comments system.

The vulnerability is present in WordPress version 4.2 and below. Pynnönen revealed the flaw on his blog on Sunday before the WordPress team could release a patch for the software: the researcher feared WordPress would take too long to fix the hole, and wanted to warn everyone beforehand.

"I didn't report the bug to the vendor this time," Pynnönen told The Register in an email earlier today.

The security blunder is exploited by posting a 64KB comment to a WordPress blog page. This data is truncated as it is written to the database, breaking safety checks that are supposed to filter out malicious code when the comment is displayed to visitors.

This means an attacker to post a comment containing JavaScript that runs in the visitor's browser. If this comment is viewed by a site administrator reading the comments, the script will execute and can change the admin's password, create new admin accounts, deface the site, upload dodgy material, and so on. The code can hijack the accounts of normal users visiting the page, too. More...

04-29-2015 07:03

How to Defeat a Smarter Breed of Cyber Threat

With a new batch of sophisticated and varied actors redefining the threat landscape, companies must adopt a more nimble approach to address security breaches.


03-31-2015 05:42

Premera cyberattack could have exposed information for 11 million customers

Health care provider Premera Blue Cross said on Tuesday that the identifying, financial, and medical information for millions of customers could have been revealed in a cyberattack.

In a statement on their website, Premera said that issues related to their network have been resolved, and the company is working to strengthen security measures. The initial attack occurred on May 4, 2014, but the intrusion was not discovered until January 29, according to Premera.

The attack potentially affects 11 million customers. About 6 million of those live in Washington state, where some customers are employees at companies like Amazon and Microsoft, Reuters reported. More...

03-20-2015 19:05