WordPress vulnerability mass-fixed on our servers


Dear xxx,

Recently, a critical 0-day vulnerability was discovered in the Genericons package, which comes with the popular Jetpack plugin and the TwentyFifteen theme of WordPress. The latter is installed by default with all recent WordPress installations/updates. The vulnerability represents a DOM-based XSS (cross-site scripting), and it allows attackers to modify the execution of scripts in the user's/visitor's browser. For example, if a site administrator is tricked into clicking on a link while logged in to the WordPress site, the attacker could gain control over the site.

As the vulnerability affects millions of sites on the Internet, we took proactive steps to automatically secure all WordPress installations on our servers. On May 6, we set permissions 000 to the "genericons/example.html" files on your accounts, and later deleted these files from the server. A full list of the affected files can be found below.

The "example.html" file is not necessary for the operation of a WordPress installation.

A general security precaution is to always keep your software up to date, along with its plugins and themes.

If you need any additional information, you can always contact us through our support site http://www.suresupport.com.

Best regards,
ICDSoft Team


Domain name xxx.com:
- /home/xxx/xxx/www/wp-content/themes/twentyfifteen/genericons/example.html


NOTE: This message comes from a "noreply" mailbox. Please do not reply directly to it. If you need to get in touch with us, please use our support ticketing system at http://www.suresupport.com.
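
The cleanup the notice describes (set permissions 000 on every "genericons/example.html", then delete it) can be reproduced on your own hosting account. The script below is an added example, not ICDSoft's script; the function names, the modes and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the hosting provider's script).
# Usage: sh genericons_fix.sh ROOT [report|lock|delete]

# Act on every regular file named example.html that sits directly inside a
# directory named "genericons" under ROOT, and print each path handled.
#   report: list only      lock: chmod 000      delete: remove the file
remediate() {
    root=$1
    mode=${2:-report}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # -type f skips symlinks, so a link named example.html is never touched.
    set -- "$root" -type f -path '*/genericons/example.html'
    case $mode in
        report) find "$@" -print ;;
        lock)   find "$@" -exec chmod 000 {} \; -print ;;
        delete) find "$@" -exec rm -f -- {} \; -print ;;
        *)      echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}

# Number of matching files still present under ROOT.
count_examples() {
    remediate "$1" report | wc -l | tr -d ' '
}

# Constructed sample tree: two accounts laid out like the path in the notice,
# plus files that must survive (the icon stylesheet and an unrelated page).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for acct in alice bob; do
        g=$t/home/$acct/site/www/wp-content/themes/twentyfifteen/genericons
        mkdir -p "$g"
        echo demo > "$g/example.html"
        echo css > "$g/genericons.css"
    done
    echo page > "$t/home/alice/site/www/example.html"
    echo "$t"
}

# Run only when a ROOT argument is given on the command line.
if [ "$#" -ge 1 ]; then remediate "$@"; fi
```

Run it in `report` mode first and review the list before using `lock` or `delete`; the pattern matches any copy of Genericons, so it also covers plugins and themes other than TwentyFifteen.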

