Thousands of South African companies use WordPress for their websites, and they might see sensitive information leaked by hackers, since WordPress has been attacked by malicious hackers.


Millions of websites around the world are in danger of being taken over by hackers because of a vulnerability discovered in the WordPress software used to design them.
WordPress is the most popular content management system on the market, and a security firm has found a flaw that could allow hackers to hijack any website using the default theme and plugin if the administrator clicks on a malicious link.
In a blog post published on April 7, researcher David Dede from security firm Sucuri said that any WordPress theme or plugin that relies on something called the genericons package is at risk. That includes the TwentyFifteen theme and plugin, which is the default theme for WordPress, as well as the JetPack plugin.
The vulnerability is caused by a critical Cross-Site Scripting (XSS) flaw in an insecure file that Dede is calling example.html, one that is part of the genericons package. Hackers can gain control of sites relying on these themes using a DOM-based XSS attack. To gain access, though, they will need some help from the site administrator. For the raid to work, someone logged in as an administrator to the WordPress site must first click on a malicious link, which would then give the hacker full access to edit or destroy the website as he sees fit.
Luckily, Dede says the fix for the problem is pretty straightforward. You merely need to remove or block access to the example.html file. Sucuri has already notified some web hosting companies it works with, so it may be that your site is no longer at risk. Dede says the following web hosting services have already fixed the vulnerability:
• GoDaddy
• HostPapa
• DreamHost
• ClickHost
• InMotion
• WPEngine
• Pagely
• Pressable
• WebSynthesis
• Site5
• SiteGround
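
One way to apply the fix described above on a self-hosted site, as an added example that is not code from Sucuri or WordPress: it lists, and on request deletes, every example.html that sits inside a directory named genericons. The directory name, the function names and the command-line usage are assumptions; the article only names the file.

```shell
#!/bin/sh
# Added example: find and remove the Genericons example.html under a WordPress tree.
# Assumption: the icon package is unpacked in a directory named "genericons"
# (or "Genericons"); example.html files elsewhere are deliberately left alone.

# Print every example.html located below a genericons directory, one per line.
# Returns 2 if the given root is not a directory.
find_genericons_examples() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -type f -name 'example.html' -path '*/[Gg]enericons/*' -print
}

# Delete every match, then re-scan. Returns 0 only when nothing is left,
# so a file that could not be removed (permissions, read-only mount) is noticed.
remove_genericons_examples() {
    find_genericons_examples "$1" >/dev/null || return 2
    find "$1" -type f -name 'example.html' -path '*/[Gg]enericons/*' \
        -exec rm -f -- {} + || return 1
    [ -z "$(find_genericons_examples "$1")" ]
}

# Usage (hypothetical script name):
#   sh genericons_fix.sh list   /path/to/wordpress
#   sh genericons_fix.sh remove /path/to/wordpress
case "${1:-}" in
    list)   find_genericons_examples "$2" ;;
    remove) remove_genericons_examples "$2" ;;
esac
```

Run the list mode first and review the paths before removing anything; a theme or plugin update that still bundles the file will restore it, so repeat the check after updating.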

WordPress also announced in a blog post that it has released a security update (4.2.2), which it labelled critical, that apparently eliminates the flaw. The update fixes the Genericons icon font package, used in some popular themes and plugins, which contained an HTML file vulnerable to a cross-site scripting attack. The post also noted that WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
Still, the widespread use of WordPress means there are probably millions of sites lying vulnerable to this XSS attack. WordPress holds more than 60 per cent of the content management system market and powers roughly one in five of all websites, according to recent statistics.