Wednesday, 6 May 2015
Here at Thexyz, we’re always looking out for ways to better your online experience with us on the service and security front. Today, we’d like to draw your attention to new security vulnerabilities identified in several popular scripts - WordPress & Magneto. Please note that these issues are script-based and are not specific to the Thexyz platform in any way.
Impact:If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.
Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system. You can find more details about the impact and solution for the same by clicking here.
Steps you need to take:
We would request you to go through the recommendations and update your Wordpress software, plugins and themes.
Magento VulnerabilityThis is a vulnerability that has been recently reported too. The vulnerability is actually comprised of a chain of several vulnerabilities that ultimately allow an unauthenticated attacker to execute PHP code on the web server.
Impact:The attacker can bypass all security mechanisms and gains control of the store and its complete database, allowing credit card theft or any other administrative access into the system. This attack is not limited to any particular plugin or theme. All the vulnerabilities are present in the Magento core, and affects any default installation of both Community and Enterprise Editions.
Steps you need to take:
If you are using the mentioned vulnerable versions of Magento, we would request you to patch it using the updates provided here.
You can test whether your Magento website is vulnerability or not, using this tool.
We strongly recommend you access all your packages and patch them immediately to avoid any issues. In case you require any information regarding this email, please feel free to get in touch with us here.
We have secured great discounts on domains for the rest of month. Mar ch Domains Discounts Enjoy unbelievable discounts on your p...
We tested a bunch of FTP clients for iOS devices and found these to be the best. Most of them cost between $1 to $5 but we found the small p...
You can download the app free of charge from Google Play or Apple App Store. The app has recently been updated as Tapatalk celebrates its...
With Thexyz Webmail you have the choice of using your own domain or one of our domains. Using your own domain offers more features and ben...
Over the past few weeks our system administrators have detected an unusually high amount of traffic towards WordPress login pages. We h...
- ► 2016 (23)
- ▼ May 2015 (2)
- ► 2014 (40)
- ► 2013 (41)
- ► 2012 (43)
- ► 2011 (69)
- ► 2010 (52)
- ► 2009 (11)