Future Hosting Advises WordPress Users to Update Against Cross-Site Scripting Vulnerability

Share Article

Future Hosting, a provider of managed virtual private server and dedicated server hosting, has advised users of the popular WordPress content management system to immediately update to mitigate the risk of a recently discovered cross-site scripting vulnerability.

futurehosting_logo
We advise WordPress site owners to upgrade immediately and activate automatic upgrades on their WordPress site so that security issues of this sort can be mitigated immediately upon the release of a patch.

Future Hosting, a provider of managed virtual private server and dedicated server hosting, has advised users of the popular WordPress content management system to immediately update to mitigate the risk of a recently discovered cross-site scripting vulnerability. The vulnerability, revealed earlier this month on WordPress.org (Jan 6, 2016), could allow malicious users to execute arbitrary code on the browsers of site visitors.

All versions of WordPress prior to version 4.4.1 are vulnerable, and Future Hosting, which hosts many hundreds of WordPress sites, strongly advises WordPress users to update immediately.

Cross-site scripting vulnerabilities are a common and dangerous issue on sites that allow user submitted content. Because of improperly sanitized input, a malicious user could embed JavaScript code within a page. That code is then run in the browser of subsequent users to visit the page. Browsers implicitly trust such scripts to access information about the page, which means that authentication cookies — including those of administrative users — are vulnerable to exfiltration.

“Many WordPress users have updated to the newest version, but we're seeing a substantial number who have yet to upgrade and who are still vulnerable,” warned Maulesh Patel, VP of Operations of Future Hosting, "We advise WordPress site owners to upgrade immediately and activate automatic upgrades on their WordPress site so that security issues of this sort can be mitigated immediately upon the release of a patch."

Automatic updates on WordPress cover minor point releases, which are unlikely to cause compatibility errors and which are often used to push critical security fixes. Compromised WordPress sites are harmful to users and to the wider web — they're often used to serve malware and as nodes in malicious botnets. Keeping a WordPress site up-to-date is part of being a good online citizen, in addition to being essential for maintaining a healthy site.

About Future Hosting, LLC

Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Vik Patel
@fhsales
since: 08/2009
Follow >
Follow us on
Visit website