Users of popular web-based blogging software WordPress have been urged to update after a security vulnerability was discovered.
Users on versions 4.2.2 and earlier are affected by a "critical" cross-site scripting flaw, allowing someone with "contributor" or "author" roles to take over a site. (An earlier, cached version of the blog post said "critical," which has since been taken out. We've reached out to WordPress for more on this.)
Cross-site scripting (XSS) attacks allow a hacker or malicious actor to embed malicious code in a website's code.
The flaw was found internally by members of WordPress' security team.
The update also fixes a total of 20 flaws, including one where it "was possible for a user with Subscriber permissions to create a draft through Quick Draft."
Source: All WordPress users urged to update after critical flaw found
No comments:
Post a Comment