Earlier this week, WordPress administrators were urged to update to the popular All-in-One SEO plugin to address a persistent cross-site scripting vulnerability. But other widely used plugins also need updating.

The plugin model for WordPress is simultaneously the platform’s greatest asset and biggest vulnerability. Administrators can happily search the rich ecosystem of plugins and find all manner of advanced features and functionality to enhance their WordPress sites. Once downloaded, these plugins are easy to install. However, the plugins are frequently poorly coded or not regularly updated, exposing WordPress sites to potential Web attacks. WordPress itself is a pretty stable platform, but WordPress sites are frequently compromised because the attackers uncover a vulnerability in one of the plugins.

To read this article in full or to leave a comment, please click here

Source: Security