WordPress core stored XSS
Overview A stored XSS vulnerability in WordPress allows an user with the posting capability to compromise the website. Under default configuration, the
Tag: wordpress
WordPress 4.2 core stored XSS
Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script
Google Analytics by Yoast stored XSS #2
Overview Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress
Google Analytics by Yoast stored XSS
Updated March 20: added some technical details and YouTube demo. Overview Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With
WPML vulnerabilities
Update March 13: Added vulnerability #4, unauthenticated administrative functions. Update April 12: Added vulnerability #5, reflected XSS via HTTP referer. March 19: See also Google Analytics
WordPress comment exploit published
The Russian blog Habrahabr has published (translation) a proof of concept exploit for the WordPress bug reported by Klikki on November 20. The blog also reports
WordPress 3 core unauthenticated stored XSS
Overview A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes
Kaikki yleisesti käytössä olevat WordPress-versiot haavoittuvia
Klikki Oy on havainnut WordPress-sisällönhallintajärjestelmässä haavoittuvuuden, joka mahdollistaa ulkopuoliselle ohjelmakoodin syöttämisen WordPress-blogikirjoituksiin ja -sivuihin. Ainakin ohjelmiston kaikki 3-versiot, joita asennuksista on noin