Posted by Jouko Pynnonen on Apr 22

*Overview*

Google Analytics by Yoast is one of the most popular WordPress plug-ins
with over 7 million downloads and “1+ million” active installs. Last month
Yoast patched a stored XSS we reported in the plug-in. Shortly after this
we identified another bug of a similar severity. The second stored XSS has
now been corrected.

An unauthenticated attacker can store JavaScript in the WordPress
administrator’s Dashboard on the target…