WordPress Sites Being Hacked Over XSS Vulnerability

Earlier today the WordPress team released WordPress 3.0.4, which contains a critical fix for an XSS vulnerability. Sadly, the release made the problematic code public to everyone, and there are reports that WordPress sites that have not yet upgraded are being hacked.

A post on DreamHost, one of the largest web hosting companies, says that many sites that have not yet upgraded are being attacked through this XSS vulnerability. Many of their customers aren’t able to access their WordPress Admin dashboard.

Another important point noted by the DreamHost team is that once your site has been hacked, upgrading to the latest version won’t help, since the inserted data sits in a file that is untouched by the upgrade. I am looking into what files are affected and will update this post as soon as I come across them.

That aside, this new problem has made me determined to release the WordPress Remote Upgrade and Manager within the next few days, so stay tuned for it.

Upgrading WordPress is easy and usually takes a few seconds. So drop everything else and upgrade your WordPress installation to 3.0.4 ASAP. 

(h/t @arpitnext)

Published by

Keith Dsouza
