The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.
Tag Archives: wordpress vulnerability
Million-Plus WordPress Sites Exposed by Vulnerable Plugin
The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.
WordPress Patches Zero Day in WP Mobile Detector Plugin
WordPress patched a zero day vulnerability in the WP Mobile Detector plugin that had been publicly attacked for close to a week.
WordPress Jetpack Plugin Patched Against Stored XSS Vulnerability
The popular Jetpack WordPress plugin was updated this week in order to patch a critical stored cross-site scripting vulnerability.
WordPress Patches Serious Shortcodes Core Engine Vulnerability
WordPress upgraded to 4.3.1, patching a pair of vulnerabilities in the core engine, including a cross-site scripting issue enabled by a vulnerability in shortcodes.
WordPress Patches Zero-Day Vulnerability
WordPress quickly turned around a patch for a stored cross-site scripting zero-day vulnerability in the CMS’ core engine.
Details on WordPress Zero Day Disclosed
A Finnish researcher has disclosed details on an unpatched stored cross-site scripting vulnerability in the WordPress core engine.
Yoast Google Analytics Plugin Patches XSS Vulnerability
Yoast addressed a cross-site scripting vulnerability in its Google Analytics WordPress plugin that allows a hacker to store code in the WordPress administrator dashboard that executes upon viewing.
WordPress Symposium Plug-In Plagued by File Upload Vulnerability
Researchers warn that since public disclosure of a file-upload vulnerability in the WordPress Symposium plug-in and the availability of proof-of-concept exploit code, scans and exploit attempts are on the rise.
WordPress 4.0.1 Update Patches Critical XSS Vulnerability
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.