Google has patched its vulnerable open-source blogging platform for two weeks, according to a blog post published by its security team.
The vulnerability is a “serious issue” for many sites, but Google says that “in the case of Blogger, it will only affect sites that have a security profile that is above average,” meaning that those that have less stringent security measures and have fewer security vulnerabilities are affected.
The blog post says that the fix will be rolled out to all users on Monday.
In addition to Blogger and WordPress, the vulnerability was discovered in a third-party plugin that “contains a security vulnerability that can be exploited by an attacker to bypass a site-wide firewall.”
This means that anyone can access the posts of anyone on a site.
In the blog post, Google’s security team explains that this is a rare vulnerability because “the plugin’s security model is very robust, and it is also designed to work on many different platforms, including the Internet of Things.”
Google says it has identified “several dozen other similar plugins that contain similar vulnerabilities.”
It is similar to a vulnerability in WordPress that affected over 100 million users last year.
This vulnerability was patched in June.
As the blog post says, there are two ways to exploit the vulnerability.
The first is to install a malicious application that downloads and executes code inside the WordPress site, as demonstrated in this example.
In this case, the WordPress post could be accessed from any WordPress site.
But if a user runs a malicious program that doesn’t download the WordPress plugin and executes it inside the site, the blog posts will be visible in a new tab.
In this case, however, it’s not clear whether the malicious program will do anything.
It could be possible for the malicious application to install itself on a different page, or the blog could be updated without triggering a vulnerability, and the vulnerability will remain active.
This can be done through a script tag, a third-party plugin, or even a backdoor.
Google has also released a patch for the “common WordPress plugin” that could be used to download and execute code on a web page.
The company says it’s releasing the patch as soon as it’s available.
The patch will also be rolled out to all WordPress users on Tuesday.
This is a new vulnerability, Google says, and one that is a problem for a wide variety of blogs, but it’s worth noting that it was already fixed in the WordPress 4.6.1 release.
It’s possible that other popular WordPress plugins will also have the vulnerability and it will affect other sites, too.