April 29, 2015

Vulnerability Found in Latest Versions of WordPress, Patch Now Available

A new vulnerability has been found in the latest versions of WordPress. It is a comment XSS vulnerability, disclosed as a "zero day". It affects WordPress 3.9.3, 4.1.1, 4.1.2 and 4.2.

The zero-day vulnerability allows attackers to insert JavaScript into comments. Attackers can leverage it to insert code on the server through the theme and plugin editors.

The exploit even allows attackers to change the admin password, create new admin accounts, or do anything else with admin rights.

An attacker triggers the exploit with an excessively long comment that exceeds the MySQL TEXT type size limit, which causes the comment to be truncated. The truncated comment results in malformed HTML on the web page.

The WordPress security team has now released a patch. You can update through the WordPress dashboard. This is a critical security release for all versions, and I strongly recommend that you update immediately.