Client portal

  • May 7, 2015 by Host Support
  • This is a new, serious vulnerability, announced recently which has the potential to cause some damage and disruption. Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. Impact: If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors.
Powered by