WordPress 4.2.1 Security Release addresses yet another XSS vulnerability

Yesterday, WordPress announced another security release, urging all users to update all WordPress installations immediately. WordPress Security Release 4.2.1 fixes yet another Stored Cross Site Scripting (XSS) vulnerability, which allows an unauthenticated user to inject JavaScript in WordPress comments.

The injected script can affect both WordPress users and WordPress administrators, and therefore this vulnerability is considered highly critical. It can be mitigated by disabling comments, and it does not affect comments that are awaiting moderation.

Last week, WordPress made available another security release, which fixed a different, yet similar, XSS vulnerability that could also allow an anonymous user to compromise a WordPress site.

If you are running WordPress, you are urged to upgrade to WordPress 4.2.1. Acunetix can already detect vulnerable WordPress installations. If you are using Acunetix WVS, you will need to install the update from Help > Check for Updates. Acunetix OVS has been updated to detect the vulnerability.

