FRIENDS, FOLLOWERS, READERS BLOGGER ALERT: WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites on Private Blogs: OWNERS using WordPress app on iOS devices are recommended to update their app immediately: PLEASE SHARE #AceNewsDesk reports

Ace News Services

#AceNewsReport – Apr.04: If you have a “private” blog with and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites: WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens for users whose blogs were using images hosted on third-party sites, a spokesperson for Automattic confirmed The Hacker News in an email.

Discovered by the team of WordPress engineers, the vulnerability resided in the way WordPress iOS application was fetching images used by private blogs but hosted outside of, for example, Imgur or Flickr: That means, if an image were hosted on Imgur and then when the WordPress iOS app attempted to fetch the image, it would send along a authorization token to Imgur, leaving a copy of the…

View original post 287 more words

from “OUR WORLD”