WordPress Premium Theme XSS Vulnerability

By | October 5, 2012

Source: F-Secure

In this article: “On Tuesday, we shared a rather silly video which made a serious point about the need to keep websites secure.

Unfortunately, limiting potential website vulnerabilities is not exactly intuitive. There’s always additional stuff one needs to consider.

For example, let’s take the very popular WordPress(.org) publishing platform. WordPress itself does a pretty good job when it comes to maintaining its security. Unfortunately, the same cannot be said for everybody that runs WordPress websites. Many website admins allow their WordPress installations to fall out of date, and there are numerous compromised WordPress sites online as a result.

But even those admins that do keep their platform up to date still have things to worry about, such as themes.

Product security professional and pentester, Janne Ahlberg, has discovered several WordPress themes by Parallelus that are affected by a reflected cross-site scripting (XSS) vulnerability.”
