Number: IRCNE2015072578
Date: 2015/07/25
According to “zdnet”, users of popular web-based blogging software WordPress have been urged to update after a security vulnerability was discovered.
Users on versions 4.2.2 and earlier are affected by a "critical" cross-site scripting flaw, allowing someone with "contributor" or "author" roles to take over a site.
Cross-site scripting (XSS) attacks allow a hacker or malicious actor to embed malicious code in a website's code.
The flaw was found internally by members of WordPress' security team.
The update also fixes a total of 20 flaws, including one where it "was possible for a user with Subscriber permissions to create a draft through Quick Draft."
- 7