Is your website hosted on WordPress?

Recent security flaw threatens sites. Is your IT Company, Website Developer or Website Host patching your site regularly to protect you?

Hardly a week goes by without some new vulnerability in WordPress or one of its components showing up on a mailing list or in a security advisory. This week’s first entrant is a newly disclosed flaw in a plugin that displays ad banners on WordPress sites, a bug that enables an attacker to inject malicious Javascript or HTML code on any vulnerable site.

The vulnerability is in WP Banners Lite, a WordPress plugin designed to make it simple for site owners to install and manage ad banners.

“WP Banners Lite is a plugin which allows you to manage banners on your website. You can use as many different types of banners as you wish. Just create desired banner type and implement it into your theme,” the plugin documentation says.

On Monday a security researcher disclosed a vulnerability in the WP Banners Lite and published a proof-of-concept demonstration of an exploit for the flaw. The flaw affects versions 1.29, 1.31 and 1.40 of the plugin. The researcher who discovered and published the vulnerability said he had sent the information to the developer of WP Banners Lite but hadn’t received a response.