WordPress XSS Bug Allows Drive-By Code Execution

13 September 2019

A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote code-execution, according to an analysis. The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat-researcher at FortiGuard Labs, said that Gutenberg fails to filter a post’s JavaScript/HTML code if there’s a “Shortcode” error message.

Read full article on Threat Post

Date:

13 September 2019

Categorie(s):

NEWS

Tag(s):

Bugs, Content-management Framework, Cross-Site Scripting, Drive-By Attack, Open Source

Why a ‘Frozen’ Distribution Linux Kernel Isn’t the Safest Choice for Security19 May 2024
An attorney says she saw her library reading habits reflected in mobile ads. That’s not supposed to happen18 May 2024
Gawd, after that week, we wonder what’s next for China and the Western world18 May 2024
[FREE EBOOKS] Cyber Security and Network Security, Build Your Own Programming Language – Second Edition & Four More Best Selling Titles18 May 2024
US Official Warns a Cell Network Flaw Is Being Exploited for Spying18 May 2024