Researchers continue to identify WordPress Content Management System (CMS) plug-in vulnerabilities, which could allow malicious actors to take control of an affected system. Some of these vulnerabilities were exploited in the recent Web site defacements noted above. Software patches are available for identified vulnerabilities.We encourage all users who have WordPress installations on their websites to ensure they are running the latest version of the software as well as any plugins which are installed.
Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation.
See the FBI Warning at the IC3 Website: https://www.ic3.gov/media/2015/150407-1.aspx
Wednesday, April 8, 2015