Blog Security

Hackers are exploiting a zero-day vulnerability affecting an image resizing utility, possibly impacting a large number of WordPress sites.

Popular blogging platform WordPress on Monday released version 3.0.5 to patch a number of vulnerabilities that could allow a contributor- or author-level user to execute cross-site scripting attacks or siphon sensitive information. The company stated that the update also improves security of plug-ins "which were not properly leveraging our security API." US-CERT recommends that WordPress users install the update. - GM

A new campaign to hack WordPress websites and serve rogue anti-virus is underway, according to security researchers.

Popular blogging platform WordPress, with the release Monday of a new version, has closed a number of vulnerabilities that had been previously missed. "Unfortunately, I missed some places when fixing the privilege escalation issues for [version] 2.8.1," WordPress' lead developer Ryan Boren wrote on the company blog. "Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that we overlooked." Security experts warn that website owners must keep up on WordPress patches, as flaws in the interface are a common entry point for hackers. — DK