eduBuzz WordPress Sites: Comments Temporarily Closed

NO COMMENT?

The ability to leave comments on eduBuzz sites has been temporarily disabled by our hosting company, DXW, to protect against a WordPress security vulnerability identified at the weekend, details below. One of the benefits of using such a popular application is that bugs are quickly identified and addressed, but it does also mean, as with any other popular software on the internet, that there are many malicious people who seek to exploit them. DXW are doing absolutely the right thing here, and experience tells us that the security vulnerability will be quickly fixed.

Due to a critical security vulnerability announced on Sunday evening, we have disabled commenting on all dxw-hosted sites.

At 2100 on Sunday 26th April, a flaw in the way WordPress handles comments was published. This flaw could allow an attacker to inject HTML and Javascript into the pages of your website.

In so doing, they would be able to entirely take over your website, adding or removing any content and taking any action that an administrator is able to complete through the admin area.

Due to the seriousness of this flaw we have disabled commenting across the GovPress platform pending a patch from WordPress. We expect that a patch will be released quickly and we will deploy it as soon as possible.

We have also posted this security alert on the dxw blog, and will make further updates there. If you have any questions not covered by the blog post, please reply to this alert to create a ticket.