Stored XSS in WordPress Core

As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, we actually reported two to the WordPress team. As it turns out, it was possible to leverage the content injection issue to achieve a stored cross-site scripting attack. This issue was patched in WordPress 4.7.3.

Are You at Risk?

This vulnerability has been present in WordPress for quite a while, well before 4.7.

Continue reading Stored XSS in WordPress Core at Sucuri Blog.

Story added 13. March 2017, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

Stop treating your datacentre as if it were a laptop: Symantec
CISA Adds Chrome, macOS Bugs to Known Exploited Vulnerabilities Catalog
Multiple Vulnerabilities Uncovered in Google Nest Cam
Utimaco to Acquire Atalla Hardware Security Module Business From Micro Focus
AnyDesk Shares More Information on Recent Hack
‘Reveton’ ransomware upgraded with powerful password stealer
Data center disaster disrupts Delta Air Lines
Branch office security in the spotlight…
Fake ISP Complaint Emails Distribute Locky Ransomware Variant
Android Development Tools Riddled with Nasty Vulnerabilities

Stored XSS in WordPress Core

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts