Feb 22

Details about this incident are incomplete, but it appears that Yahoo!Xtra in New Zealand experienced a security incident resulting from using an old version of WordPress that had not been updated in a long time.

According to reports, the exploit was performed using a Cross-Site Scripting (XSS) vulnerability in swfupload.swf – a JavaScript & Flash Upload Library – which was fixed in WordPress 3.3.2, released in April 2012.

This is another lesson to everyone on why you should ensure that you regularly update your WordPress installation and all your plugins.

For more information, here are some links:

SmartCompany – Yahoo! hacked in New Zealand through WordPress vulnerability

Seclists – Re: XSS vulnerability in swfupload in WordPress

ThreatPost – Yahoo Mail Breach Linked to Old WordPress Vulnerability


Add Your Comments