How to check if you’re vulnerable to the WordPress flaw

How to check if you're vulnerable to the WordPress flaw

On November 20, WordPress announced a critical cross-site scripting vulnerability in the Internet’s most popular and widely used content management system. Initially discovered by Jouko Pynnonen with the Finnish IT company Klikki Oy, the vulnerability could allow anonymous users to compromise websites running versions of WordPress prior to 3.9.3.

This is an extremely serious vulnerability by virtue of the fact that it impacts millions of websites across the Internet and could allow an anonymous user to gain complete administrative control of these websites and potentially the underlying operating system. According to WordPress statistics, about 86 percent of all WordPress sites were using a vulnerable version as of November 20, 2014. Exploited sites could then be used to attack other users, or if the operating system is compromised, the machine could be used as part of a botnet. Reports indicate that this vulnerability is being actively exploited and that exploit code has been made available on the Internet for others to use and modify. How to check if you're vulnerable to the WordPress flaw