Akismet 3.1.5 is now available. Users are urged to update as soon as possible.
Sucuri discovered an XSS vulnerability in the popular spam protection plugin that affects every version from 2.5.0 onward. The vulnerability is reachable through comments, so the plugin’s comment-check API should stop it, but the safest option is to update anyway.
If you have automatic updates enabled, this release is included and you don’t need to do anything at this time. Everyone else needs to update manually, either from the plugin directory or directly through the WordPress dashboard. Though it isn’t clear whether anyone has taken advantage of this vulnerability, it is better to be safe and upgrade anyway.
For details of the discovery and more information for affected users, read the full advisory on Sucuri.
This isn’t the first time a WordPress plugin has been compromised. To keep your site safe, be sure to keep plugins updated to the most current version.