WordPress gets patch for critical XSS flaw

Developers of the popular WordPress blogging platform have released a critical security update to fix a vulnerability that can be exploited to take over websites.

WordPress 4.2.3, released Thursday, resolves a cross-site scripting (XSS) vulnerability that could allow users with the Contributor or Author roles to compromise a website, said Gary Pendergast, a member of the WordPress team, in a blog post.

While this is not as critical as a flaw that can be exploited without authentication, it still poses a high risk for many websites because the compromise of a single non-administrator user account can turn into a complete website takeover.

To read this article in full or to leave a comment, please click here

Read more: WordPress gets patch for critical XSS flaw

Story added 23. July 2015, content source with full text you can find at link above.