The latest WordPress version (4.2, released on Thursday) and several earlier ones are vulnerable to a stored cross-site scripting (XSS) vulnerability that can be exploited to inject JavaScript in WordPress comments.
"If [the script is] triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors," researcher Jouko Pynnönen of Finnish security company Klikki Oy explained in a security advisory published on Sunday.
WordPress vulnerable to yet another, still to be patched XSS flaw