Reply to post:

Attackers target new XSS in millions of WordPress sites

Anonymous Coward
Anonymous Coward

Looks like an update has removed that file now - several hosted sites here had the file yesterday (i.e. is in the backup) but is not present now.

Having looked at the backup of that file, I'm amazed that anyone would include such an obvious hole! I'm no XSS expert, but after a swift glance through the javascript it was blazingly obvious.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022