Prototype.js needs an update.
| Reported by: | SupersonicSquirrel | Owned by: | |
(I hope I'm doing this right, as it's clearly not a forum topic, but a serious issue.)
I have experienced hacking of my prototype.js file on a high-traffic website a couple of times within the past week, and each time malicious code would be added to it in order to open an inline frame leading to a website that was automatically downloading Trojans to a visitor's computer.
Of course, I always update my installation of WordPress within 1-2 hours from when an update is available (and I obviously use 2.6.3 and not 2.6.1...), the only writeable files on my server are the sitemaps; I know how to protect my files and folders; so I assume this is an issue that could repeat on someone else's website as well.
From what I can see, the file on http://www.prototypejs.org/download is different from the file included with WordPress. I wonder if updating the file included in wp-includes/js/ would change anything.
I'm sorry if I wasted anyone's time here. When I report a vulnerability at the forum, I get responses from newbies telling me stupid things.