Sucuri has informed Christom of a security update. During a routine audit for its Web Application Firewall (WAF), Sucuri discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin with millions of installs. The vulnerability affects every site running Akismet version 3.1.4 or lower with the WordPress “Convert emoticons like :-) and :-P to graphics on display” option enabled, which is the default on any new WordPress installation.
The issue lies in the way Akismet handles hyperlinks inside a site’s comments, which could allow an unauthenticated attacker with good knowledge of WordPress internals to insert malicious scripts into the Comments section of the administration panel. An attack like this could lead to multiple exploitation scenarios, including a full site compromise.
You can update Akismet from your WordPress Admin dashboard by following these steps:
1. First, log in to the Admin section of your website.
2. Then hover over Plugins and click on ‘Installed Plugins’ (see image).
3. Click on the Update option below the plugin description (see image).
This should update the plugin for you.
Note: This will not cause any issues with your site’s functionality or appearance, and it is safe for you to apply the update yourself. If you run into any issues, please feel free to contact us and a WordPress developer can assist you in getting it done.
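For administrators who manage several sites, the following is an added example (not part of the original advisory, nor Akismet’s or Sucuri’s code) that checks the two conditions the advisory names: an Akismet version of 3.1.4 or lower, and the emoticon-conversion setting being enabled. It assumes the standard `Version:` header format of a WordPress plugin’s main file and that the emoticon setting is the WordPress `use_smilies` option, stored as the string "1" or "0"; the header text below is constructed sample input.

```python
import re
from typing import Optional, Tuple

# The last Akismet release the advisory above lists as affected.
LAST_VULNERABLE_VERSION = (3, 1, 4)

# Constructed sample of a WordPress plugin header (the format WordPress
# reads from a plugin's main .php file); the version value is made up.
SAMPLE_AKISMET_HEADER = """<?php
/**
 * Plugin Name: Akismet
 * Plugin URI: https://akismet.com/
 * Version: 3.1.3
 */
"""


def parse_plugin_version(header_text: str) -> Optional[Tuple[int, ...]]:
    """Return the plugin's 'Version:' header as a tuple of ints, or None if absent."""
    match = re.search(r"^\s*\*?\s*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                      header_text, re.MULTILINE)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def version_at_most(version: Tuple[int, ...], ceiling: Tuple[int, ...]) -> bool:
    """Numeric (not string) comparison: 3.10 is newer than 3.1.4, and
    3.1 equals 3.1.0, so the shorter tuple is padded with zeros."""
    width = max(len(version), len(ceiling))

    def pad(v: Tuple[int, ...]) -> Tuple[int, ...]:
        return v + (0,) * (width - len(v))

    return pad(version) <= pad(ceiling)


def is_exposed(header_text: str, use_smilies: str) -> bool:
    """True when both advisory conditions hold: Akismet <= 3.1.4 and the
    'use_smilies' option (assumed to be the emoticon setting) is "1"."""
    version = parse_plugin_version(header_text)
    if version is None:
        raise ValueError("no Version: header found; cannot assess exposure")
    return use_smilies.strip() == "1" and version_at_most(version, LAST_VULNERABLE_VERSION)


if __name__ == "__main__":
    print("exposed" if is_exposed(SAMPLE_AKISMET_HEADER, "1") else "not exposed")
```

On a live site the two inputs can be read with WP-CLI (`wp plugin get akismet --field=version` and `wp option get use_smilies`), and an exposed site is fixed by the update steps above.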