No Comment — Patch Your WordPress Websites

Posted on Apr 28, 2015

By Paul Hirsch, Senior Network Engineer

Security researcher Jouko Pynnönen of Klikki Oy has discovered a vulnerability in the comment feature of WordPress. This elevates the power of a bad comment from being simply annoying to taking over webservers.

When mixed with “comment spam,” this may lead to a lot of compromised websites.

WordPress has released a fix. If you would like to avoid having your website defaced or used to spread malware, update your WordPress sites to 4.2.1 as soon as possible. See http://klikki.fi/adv/wordpress2.html for more information.
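
To find sites that still need the update, here is an added example (not part of the original post): a shell audit that walks a directory tree and lists every WordPress install below the 4.2.1 release named above. It assumes each install records its version in the standard `wp-includes/version.php` file; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: list WordPress installs older than the fixed release.
FIXED_VERSION="4.2.1"   # fixed release named in the post

# Print the $wp_version string from a wp-includes/version.php file.
wp_version_of() {
    sed -n 's/^[[:space:]]*\$wp_version[^0-9]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$1" |
        head -n 1
}

# Return 0 when dotted version $1 is lower than $2. A suffix such as
# "-beta1" is dropped and missing fields count as 0 (so 4.2 == 4.2.0).
version_lt() {
    a=${1%%-*}; b=${2%%-*}
    for i in 1 2 3; do
        x=$(printf '%s..\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s..\n' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Print "<version> <install dir>" for each outdated install under $1.
audit_wordpress() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(wp_version_of "$f")
        [ -n "$v" ] || continue          # skip files with no version line
        if version_lt "$v" "$FIXED_VERSION"; then
            printf '%s %s\n' "$v" "${f%/wp-includes/version.php}"
        fi
    done
}

# Usage: sh audit.sh /path/to/webroots
if [ $# -gt 0 ]; then
    audit_wordpress "$1"
fi
```

An empty result means no install under the given path reports a version below 4.2.1; installs whose `version.php` is missing or unreadable are not listed and need a manual check.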