
Another day another Wordpress 0-day

Discussion in 'CSO' started by RSS, Apr 27, 2015.

  1. RSS

    Word came today that WordPress has a new problem. It is hard enough to keep on top of maintaining the security of a WordPress site without the constant deluge of security issues. Today, we get word of a cross-site scripting attack, or XSS, in the WordPress comment system.

    WordPress is a content management system that is used as the underlying framework for roughly 186,700 of the top one million websites, to say nothing of the thousands upon thousands of smaller sites that are running WordPress. Let’s face it, the software is user-friendly, but not without security issues.

    The problem that WordPress has is in regard to a stored XSS. The problem occurs when a user leaves JavaScript in the comment section, which is later launched when the comment approver views it. Usually comments are reviewed by someone with admin-level privileges. In order for this to work, the comment has to be greater than 64 KB in length.
