Critical XSS flaws patched in WordPress and popular plug-in
New security updates released for the WordPress content management system and one of its popular plug-ins fix cross-site scripting (XSS) vulnerabilities that could allow attackers to take control of websites.
The comment XSS vulnerability affects only WordPress 3.9.2 and earlier versions, not WordPress 4.0. However, the 4.0.1 update, as well as the 3.x updates, also addresses three other XSS flaws that can be used to compromise a WordPress site if the attacker has access to a contributor or author account on it.
The new releases also fix a cross-site request forgery flaw that could be used to trick a user into changing their password, as well as a denial-of-service issue.