WordPress Akismet XSS Vulnerability Updated on August 12, 2021 by InMotion Hosting Contributor 0 Minutes, 39 Seconds to Read CMS Plugin Issue Resolution WordPress Akismet XSS security vulnerability Upgrade Akismet to alteast version 3.1.5 to fix the security flaw This vulnerability affects everyone using Akismet version 3.1.4 and lower and have the WordPress “Convert emoticons to graphics on display“ option enabled, which is the case by default on any new WordPress installation. The issue can be found in the way Akismet deals with hyperlinks present inside the site’s comments, which could allow an unauthenticated attacker with good knowledge of WordPress internals to insert malicious scripts in the Comment section of the administration panel. Doing this could lead to multiple exploitation scenarios, including a full site compromise. To protect your website against thist exploit please upgrade your Akismet plugin to atleast 3.1.5. For more information from Akismet on this exploit please read their press release. Share this Article InMotion Hosting Contributor Content Writer InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals! More Articles by InMotion Hosting Related Articles How to Install WordPress using Softaculous W3 Total Cache – Guide to WordPress Caching Cleaning Up Old Post Metadata in WordPress Getting Started Guide: WordPress How to Enable or Disable Automatic WordPress Updates How to Optimize your WordPress Database with WP-Optimize Settings How to Migrate a WordPress site from BlueHost WordPress Scope of Service How to Create and Add a Logo To WordPress How to Disable the WP-Cron (wp-cron.php) in WordPress
