Recently new security vulnerabilities are discovered in WordPress & Magento.

These issues are script-based only and are not the issues in SkylarkHost server in anyway.

WordPress Vulnerability
----------------------------

https://wordpress.org/news/

    Current versions of WordPress are security vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in
WordPress comments and the script will trigger when the comment is viewed.

    The attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors. After the injected script trigger, the attacker have the previlages to change the administrator password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.

Please update your Wordpress website using the patch available http://klikki.fi/adv/wordpress2.html.


Magento Vulnerability
--------------------------

    The reported vulnerabilities will allow an unauthenticated attacker to execute PHP code on the web server.
The attacker will get the access control of the store and its complete database, allowing data theft or any other administrative access into the system. This is not limited to any special plugin or theme.


Confirmed Vulnerable Versions are : 1.9.1.0 CE and 1.14.1.0 EE.

    If you are using the above vulnerable versions of Magento, please patch it by the help of the following link :
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/

You can test whether your Magento website is vulnerability or not, using the url https://shoplift.byte.nl/


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We strongly recommend you to patch them immediately to avoid any issues.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If any doubt, please feel free to get in touch with us



Wednesday, May 6, 2015







« Back

Powered by WHMCompleteSolution