Vulnerability Found in Latest Versions of WordPress, Patch Now Available by @mattsouthern

A new comment XSS exploit vulnerability, being called “Zero Day”, has been found in the latest versions of WordPress: 4.2, 4.1.2, 4.1.1, and 3.9.3. The Zero Day exploit allows an attacker to insert JavaScript into comments. An attacker could leverage this type of vulnerability to insert code into the website’s server through the plugin and theme editors. In addition, through this exploit an attacker could also change the administrator’s password, create new administrator accounts, or do anything else that a logged-in admin would be able to do. An attacker triggers this exploit by an posting excessively long comment exceeding the […]

The post Vulnerability Found in Latest Versions of WordPress, Patch Now Available by @mattsouthern appeared first on Search Engine Journal.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s