WordPress 4.2.1, which was released a few days after 4.2 on April 27th, 2015, addresses a critical security issue in WordPress. This XSS vulnerability had existed for quite some time but was discovered only recently. The WordPress security release says:
A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site.
An attacker was able to compromise the admin account through a stored cross-site scripting attack vector in the comment functionality. The problem was fixed fairly quickly, and the new version 4.2.1 was released.
Photo Credit: Colin / Wikimedia Commons / CC-BY-SA-4.0