WordPress security vulnerability and mitigating strategies.

  html_injection hyperlinks mod_security search_engines virtual_patch vulnerability wordpress work xmlrpc

For the past couple of weeks the information security community has been noticing someone exploiting a new vulnerability in the WordPress blogging software that lets the attacker inject arbitrary HTML code into the content from outside. So far, what has been seen is an .. HTML entity containing multiple hyperlinks to other sites, presumably for the purpose of artificially bumping up someone's search engine rankings. Both the height and width of the injected HTML code are usually set to zero pixels each, but I've seen a couple of instances of one-by-one .. entities as well. It stands to reason that pretty much …
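
A defender can search stored post content for the pattern described above. The following is an added example, not code from the original post: it flags any element whose width and height are both at most one pixel and that wraps two or more hyperlinks. The function names, thresholds and sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"img", "br", "hr", "input", "meta", "link"}  # elements with no end tag
STYLE_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)(?:px)?\s*(?:;|$)", re.I)
MAX_PX, MIN_LINKS = 1, 2  # post describes 0x0 and 1x1 elements, multiple links
# Constructed sample: a normal paragraph followed by a hidden link block.
SAMPLE = """<p>Post text with <a href="https://example.org/about">a link</a>.</p>
<div style="height:0px; width:0px; overflow:hidden">
<a href="http://one.example/">x</a> <a href="http://two.example/">y</a></div>"""

def pixel_dims(attrs):
    """Collect width/height in pixels from attributes or an inline style."""
    dims = {}
    for name, value in attrs:
        m = re.fullmatch(r"(\d+)(?:px)?", (value or "").strip())
        if name in ("width", "height") and m:
            dims[name] = int(m.group(1))
        elif name == "style":
            dims.update((p.lower(), int(n)) for p, n in STYLE_DIM.findall(value or ""))
    return dims

class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # [tag, is_tiny, hrefs] per open element
        self.findings = []  # (tag, hrefs) for tiny elements wrapping links

    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            for entry in self.stack:  # credit the link to every open ancestor
                entry[2].append(dict(attrs)["href"])
        if tag not in VOID:
            d = pixel_dims(attrs)
            tiny = d.get("width", 99) <= MAX_PX and d.get("height", 99) <= MAX_PX
            self.stack.append([tag, tiny, []])

    def handle_endtag(self, tag):
        while any(e[0] == tag for e in self.stack):  # ignore stray end tags
            name, tiny, hrefs = self.stack.pop()
            if tiny and len(hrefs) >= MIN_LINKS:
                self.findings.append((name, hrefs))
            if name == tag:
                return

def find_hidden_link_blocks(html):
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

It reads only inline `width`/`height` attributes and `style` values, so markup hidden through an external stylesheet is outside what it can see.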
