If your site is hosted by us and you have received an email from wordpress about the XSS Vulnerability, have no fear! We are already on top of it. Our awesome team had already put a patch into place within our hosting environment within a few hours of WordPress announcing it yesterday. This means that all of our customers are safe and secure! You can disregard the email and carry on!

If you are just hearing about this and you HAVE a WordPress site that is not hosted with us – here is what this may mean to you:

A vulnerability was announced yesterday that impacted ALL WordPress sites across the world. This Forbes article discusses the vulnerability in more detail. Here is an excerpt:

The most pressing issue is a fresh zero-day, a previously unknown and unpatched weakness, affecting the latest version of WordPress, 4.2, and prior iterations, as revealed by Finnish company Klikki Oy yesterday. It released a video and proof of concept code for an exploit of the flaw, which allows a hacker to store malicious JavaScript code on WordPress site comments. Under normal circumstances, this should be blocked as it could be abused to send visitors’ usernames and passwords to a hacker’s site – what’s known as a cross-site scripting attack. All that’s required is for a user’s browser to parse the code when they land on the affected site.

If your site is not hosted by YourSiteNeedsMe, this is great opportunity to secure your site and make sure you are not vulnerable to these kinds of attacks. Go here to learn more about our WordPress Hosting Services.