The API vulnerabilities nobody talks about: excessive data exposure
TLDR: Excessive Data Exposure (leaking internal data via API responses) is the silent, pervasive threat that is more dangerous than single dramatic flaws like SQL …
Are you running WordPress 4.2.0 to 4.5.1? Time to upgrade to 4.5.2!
It was recently discovered that WordPress versions 4.2.0 to 4.5.1 are vulnerable against a reflected XSS vulnerability in a specific WordPress SWF-file: flashmediaelement.swf. The vulnerability could lead to leaked WordPress credentials, or be used as a stepping stone to more severe attacks.
3 things you can do to protect your website:
- Upgrade to WordPress version 4.5.2 as soon as possible.
- Remove the flashmediaelement.swf file (if you do not know how to proceed, the best option is to simply upgrade the WordPress-version).
- A third option is to limit the allowed IP addresses to your office or VPN IP.
As always, we recommend you to run regular security tests on your website to keep up with all the latest vulnerabilities.
Stay safe!
Check out more content
Migrating Critical Messaging from Self-Hosted RabbitMQ to Amazon MQ
TLDR: We successfully migrated our core RabbitMQ messaging infrastructure from a self-hosted cluster on EKS to managed Amazon MQ to eliminate the significant operational burden …
