Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1

Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1

During regular research audits for our Sucuri Firewall (WAF), we discovered a source-based stored Cross-Site Scripting (XSS) vulnerability affecting WordPress 4.8.1.

Are You at Risk?

The vulnerability requires an account on the victim’s site with the Contributor role – or any account in a WordPress installation with bbPress plugin, as long as it has posting capabilities (if anonymous posting is allowed then no account is needed).

Continue reading Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1 at Sucuri Blog.

Read more: Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1

Story added 26. September 2017, content source with full text you can find at link above.