WordPress 4.2.1 – Security Release Fixes Zero Day XSS Vulnerability

Just 3 days after WordPress 4.2 was released, a security researcher discovered that WordPress 4.2, 4.1.2, 4.1.1, 4.1.3 and 3.9.3 were affected by a zero-day XSS vulnerability. It allows an attacker to inject JavaScript into comments and hack your site. The WordPress team reacted quickly and fixed the security issue in WordPress 4.2.1, and we strongly suggest that you update your sites immediately.

Jouko Pynnönen, a security researcher at Klikki Oy, described the issue as follows:

Once triggered by a logged-in administrator, the attacker can exploit the vulnerability to execute arbitrary code on the server through the plugin and theme editors.

The attacker may also change the administrator's password, create new administrator accounts, or do whatever else the logged-in administrator can do on the target system.

This vulnerability is similar to the one reported by Cedric Van Bockhaven and addressed in the WordPress 4.1.2 release.

Update: We learned that they tried to contact the WordPress security team but couldn’t get a prompt answer.

Your site will update automatically if you have not disabled automatic updates.

Once again, we strongly recommend that you update your site to WordPress 4.2.1. Before you update, please ensure that your site is backed up.
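A quick audit of the three conditions this post mentions (a core version on the affected list, the plugin and theme editors left enabled, automatic updates disabled), as an added example that is not part of the original post. `DISALLOW_FILE_EDIT`, `AUTOMATIC_UPDATER_DISABLED` and `WP_AUTO_UPDATE_CORE` are WordPress core constants; the function names and the sample tree are constructed here, and the version list is the one printed above.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the conditions the post describes.
# AFFECTED is the version list exactly as printed in the post, not a complete list.
AFFECTED="4.2 4.1.3 4.1.2 4.1.1 3.9.3"

# Print $wp_version as set in wp-includes/version.php.
wp_version() {
    sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" "$1/wp-includes/version.php" | head -n 1
}

# True if wp-config.php has a define() of constant $2 with literal value $3.
# Simplification: line-anchored match, so /* ... */ block comments are not recognised.
has_define() {
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*$3[[:space:]]*\)" \
        "$1/wp-config.php" 2>/dev/null
}

# Print a space-separated list of findings for the install rooted at $1.
audit() {
    root=$1; findings=""
    ver=$(wp_version "$root")
    case " $AFFECTED " in
        *" $ver "*) findings="$findings affected-version" ;;
    esac
    # The dashboard plugin/theme editors stay available unless this is set to true.
    has_define "$root" DISALLOW_FILE_EDIT true || findings="$findings file-editor-enabled"
    if has_define "$root" AUTOMATIC_UPDATER_DISABLED true ||
       has_define "$root" WP_AUTO_UPDATE_CORE false; then
        findings="$findings auto-updates-disabled"
    fi
    echo "${findings# }"
}

# Build a constructed sample tree (not a real site): $1 = version, $2 = config line.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-includes"
    printf "<?php\n\$wp_version = '%s';\n" "$1" > "$d/wp-includes/version.php"
    printf "<?php\n%s\n" "$2" > "$d/wp-config.php"
    echo "$d"
}

demo=$(make_sample 4.2 "define( 'AUTOMATIC_UPDATER_DISABLED', true );")
echo "findings: $(audit "$demo")"
rm -rf "$demo"
```

An empty result means none of the three conditions was found; point `audit` at a real document root to check a live install.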

About the Author: Team X
