Zadejte hledaný výraz...

Critical Persistent XSS 0day in WordPress

tomve
verified
rating uzivatele
(22 hodnocení)
29. 4. 2015 16:58:46
If your WordPress site allows users to post comments via the WordPress commenting system, you’re at risk. An attacker could leverage a bug in the way comments are stored in the site’s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site’s code if the code runs when in a logged-in administrator browser.
You should definitely disable comments on your site until a patch is made available or leverage a WAF to protect your site and customers.
**Update 20150427**: A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately.
Security Disclosure: Critical Persistent XSS 0Day in WordPress | Sucuri Blog
29. 4. 2015 16:58:46
https://webtrh.cz/diskuse/critical-persistent-xss-0day-in-wordpress/#reply1110011
Pro odpověď se přihlašte.
Přihlásit