1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress gets patch for critical XSS flaw

Discussion in 'Network World' started by RSS, Jul 23, 2015.

  1. RSS

    RSS New Member Member

    Developers of the popular WordPress blogging platform have released a critical security update to fix a vulnerability that can be exploited to take over websites.

    WordPress 4.2.3, released Thursday, resolves a cross-site scripting (XSS) vulnerability that could allow users with the Contributor or Author roles to compromise a website, said Gary Pendergast, a member of the WordPress team, in a blog post.

    While this is not as critical as a flaw that can be exploited without authentication, it still poses a high risk for many websites because the compromise of a single non-administrator user account can turn into a complete website takeover.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page