Yesterday, WordPress announced another security release, urging all users to update all WordPress installations immediately. WordPress Security Release 4.2.1 fixes yet another Stored Cross-Site Scripting (XSS) vulnerability, which allows an unauthenticated user to inject JavaScript into WordPress comments.

The injected script can affect both WordPress users and WordPress administrators, and this vulnerability is therefore being considered highly critical. It can be mitigated by disabling comments, and it does not affect comments that are awaiting moderation.

Last week, WordPress made available another security release that fixes a different, yet similar, XSS vulnerability, which could also allow an anonymous user to compromise a WordPress site.

If you are running WordPress, you are urged to upgrade to WordPress 4.2.1. Acunetix can already detect vulnerable WordPress installations. If you are using Acunetix WVS, you will need to install the update from Help > Check for Updates. Acunetix OVS has been updated to detect the vulnerability.


