Sucuri just released notice of a Stored XSS vulnerability within Akismet 3.1.4. Unfortunately for this scenario Akismet is installed by default across millions of WordPress websites – and not every webmaster keeps their website scripts updated (even though you all should!). The current vulnerability affects only those websites who are running Akismet v3.1.4 or lower, and also have the Convert emoticons to graphics on display option enabled (again the default on new WordPress installs).

For more details regarding the vulnerability check out the post over on the Sucuri blog. Otherwise make sure you have updated to Akismet v3.1.5 to patch this vulnerability on you’re websites.

Published by Michael Boguslavskiy

Michael Boguslavskiy is a full-stack developer & online presence consultant based out of New York City. He's been offering freelance marketing & development services for over a decade. He currently manages Rapid Purple - and online webmaster resources center; and Media Explode - a full service marketing agency.

Leave a comment

Your email address will not be published. Required fields are marked *