WordPress is urging users to apply a security patch because of a flaw in WordPress's HTML sanitation filter in the code, known as KSES.
Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.” If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.
Without the update, someone can carry out an injection attack, i.e. try to insert malicious code directly into WordPress. Mortfiles does have protection against that kind of malicious impact on customers' accounts, but no system is perfect and I always recommend plugging the hole rather than hoping for the best.