WordPress 4.2.1 addresses critical XSS vulnerability

WordPress 4.2.1, which was released a few days after 4.2 on April 27th 2015 addresses a critical security issue in WordPress. This XSS vulnerability existed since quite some time, but it was discovered recently. In the Security Release by WordPress it says:

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site.

An attacker was able to compromise the admin account by using a stored cross site scripting attack vector using the comment functionality. Respectively quick the problem was solved and the new version 4.2.1 released.

Photo Credit: Colin / Wikimedia Commons / CC-BY-SA-4.0

The following two tabs change content below.
Seine erste Webseite hat David Remer 1998 in HTML verfasst. Wenig später war er fasziniert von DHTML und JavaScript. Heute konzentriert sich vor allem auf das Entwickeln von WordPress Themes und Plugins für Inpsyde. Außerdem hat er das Buch "WordPress für Entwickler" verfasst.

Latest posts by David Remer (see all)

This post is also available in: German