Critical XSS Vulnerability in Akismet WordPress Plugin

According to the latest blog post on Sucuri, Akismet, the most widely used plugin for WordPress, is vulnerable. The security risk is serious, and it can be fixed by upgrading to Akismet 3.1.5. The vulnerability affects anyone who has the Akismet WordPress plugin version 3.1.4 or below installed and has WordPress emoticons enabled. All WordPress installations have emoticons enabled by default, so the chances are that tons of sites will have this option enabled.

Akismet Vulnerability

In this case, an attacker who has a good knowledge of WordPress can insert scripts into the WordPress files, which can result in the compromise of the entire website. It is highly recommended to upgrade the Akismet plugin as soon as possible to avoid your WordPress site being hacked. The latest version of the Akismet plugin is 3.1.5, which is safe from this vulnerability. Further, installing the Sucuri Security plugin can save your website from such vulnerabilities.
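To find installs that still need the upgrade, the check below reads the `Version:` plugin header and compares it with 3.1.5. It is an added example, not code from Sucuri or Akismet; it assumes the default plugin path `wp-content/plugins/akismet/akismet.php`, and the site roots in the demo are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 1, 5)  # first fixed Akismet release, per the post
# Assumption: default plugin location in a standard WordPress layout.
PLUGIN_FILE = Path("wp-content/plugins/akismet/akismet.php")
# WordPress plugin headers look like " * Version: 3.1.4" or "Version: 3.1.4".
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)


def parse_version(text):
    """Return the header version as an int tuple, or None if no header is found."""
    match = HEADER_RE.search(text[:8192])  # WordPress reads headers from the first 8 KB
    if not match:
        return None
    parts = []
    for piece in match.group(1).split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    while len(parts) < 3:  # treat "3.1" as 3.1.0
        parts.append(0)
    return tuple(parts)


def audit_site(root):
    """Classify one WordPress root: not-installed, unknown, vulnerable or patched."""
    path = Path(root) / PLUGIN_FILE
    if not path.is_file():
        return "not-installed"
    version = parse_version(path.read_text(errors="replace"))
    if version is None:
        return "unknown"  # header missing or edited: inspect by hand
    return "vulnerable" if version < FIXED else "patched"


if __name__ == "__main__":
    # Constructed sample sites so the script runs offline.
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in (("old-site", "3.1.4"), ("new-site", "3.1.5")):
            target = Path(tmp) / name / PLUGIN_FILE
            target.parent.mkdir(parents=True)
            target.write_text(f"<?php\n/*\nPlugin Name: Akismet\nVersion: {ver}\n*/\n")
            print(name, audit_site(Path(tmp) / name))
```

A `vulnerable` result means the plugin is at 3.1.4 or below; whether emoticons are enabled is a site setting that this file check does not read.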

Two days ago, I posted about how WordPress websites are getting hacked in large numbers. Webmasters using WordPress need to take security seriously these days. Akismet, as we know, is one of the most popular plugins and is used by millions of WordPress users. If such a popular plugin can be vulnerable, then we can imagine how unsafe our websites, in which we invest so much time and money, can be. It's high time that people start taking WordPress security seriously.
