Stored XSS in WordPress Core

Stored XSS in WordPress Core

As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, we actually reported two to the WordPress team. As it turns out, it was possible to leverage the content injection issue to achieve a stored cross-site scripting attack. This issue was patched in WordPress 4.7.3.

Are You at Risk?

This vulnerability has been present in WordPress for quite a while, well before 4.7.

Continue reading Stored XSS in WordPress Core at Sucuri Blog.

Read more: Stored XSS in WordPress Core

Story added 13. March 2017, content source with full text you can find at link above.