Managed hosting provider
WiredTree has given users a warning regarding a possible vulnerability with a popular WordPress plugin. WiredTree, which has headquarters in Chicago, Illinois, United States, was founded in 2006. The company bills itself as “an industry-leading provider of managed hosting solutions to small and medium businesses worldwide” and alongside managed hosting solutions offers services that extend to Virtual Private Servers (VPS), dedicated servers, hybrid servers, and beyond. It is calling on WordPress users to immediately update the popular ‘All-In-One-SEO Pack’ plugin.
WiredTree’s warning comes after the discovery of a flaw in versions older than version 2.3.7 of the plugin. The flaw, discovered by the WordPress security plugin provider Wordfence earlier this month, could leave WordPress users open to cross-site scripting attacks. Such attacks are more common to websites that are able to accept content generated by users and might enable third-parties to control a website or send sensitive data to an attacker. While the plugin’s developer issued a fix, WiredTree still has concerns about possible vulnerabilities. To address the issue, the company is recommending its customers update the plugin using their administrative dashboards immediately.
“Cross-site scripting vulnerabilities occur because it’s difficult to sanitize every potential route by which a malicious user might inject code,” explained WiredTree’s President, Zac Cogswell. “As soon as this vulnerability was discovered, developers fixed the problem and made a patch available. We want to make sure that every WordPress site owner is aware of the problem, and takes the necessary steps to protect their site and their users.”
Have you experienced problems with WordPress? Let us know the details. Add your comments below.
