A new comment XSS exploit vulnerability, being called “Zero Day”, has been found in the latest versions of WordPress: 4.2, 4.1.2, 4.1.1, and 3.9.3. The Zero Day exploit allows an attacker to insert JavaScript into comments. An attacker could leverage this type of vulnerability to insert code into the website’s server through the plugin and theme editors. In addition, through this exploit an attacker could also change the administrator’s password, create new administrator accounts, or do anything else that a logged-in admin would be able to do. An attacker triggers this exploit by an posting excessively long comment exceeding the […]
The post Vulnerability Found in Latest Versions of WordPress, Patch Now Available by @mattsouthern appeared first on Search Engine Journal.
No comments:
Post a Comment