Karissa Bell says, “WordPress users: Now would be an excellent time to make sure your system is up to date.

The content management system rolled out an update Thursday that addressed a security flaw that affected millions of websites. The vulnerability, first spotted by security researchers at Sucuri, leaves affected websites susceptible to an attack that could allow others to take control of the sites.

The flaw stems from a bad file within Genericons, which is preloaded into many WordPress sites by default, including the default TwentyFifteen theme and the JetPack plugin, according to researchers. The file leaves websites open to a cross-site scripting (XSS) vulnerability, which could potentially allow attackers a way to gain control of a website“.

WordPress rolls out update to fix security flaw affecting millions of websites

Mashable
Sharing is caring