Websupporter

Just another Websupporter site

WordPress 4.2.1 addresses critical XSS vulnerability

29. April
2015

WordPress 4.2.1, which was released a few days after 4.2 on April 27th 2015 addresses a critical security issue in WordPress. This XSS vulnerability existed since quite some time, but it was discovered recently. In the Security Release by WordPress it says:

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site.

An attacker was able to compromise the admin account by using a stored cross site scripting attack vector using the comment functionality. Respectively quick the problem was solved and the new version 4.2.1 released.

Photo Credit: Colin / Wikimedia Commons / CC-BY-SA-4.0

About the author

Seine erste Webseite hat David Remer 1998 in HTML verfasst. Wenig später war er fasziniert von DHTML und JavaScript. Nach jahrelanger Freelancerei arbeitete er zunächst für Inpsyde und ist heute Entwickler bei Automattic. Außerdem hat er das Buch "WordPress für Entwickler" verfasst.

Leave a Reply

Your email address will not be published.