- WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection and security bypass vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to compromise the application, access or modify data or exploit vulnerabilities in the underlying database or to perform otherwise restricted actions and subsequently switch themes or activate/deactivate plugins. WordPress versions prior to 2.2.3 are vulnerable.
- Update to WordPress version 2.2.3 or latest
- WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (1.3.2)
- WordPress Plugin WooCommerce Cross-Site Scripting (2.6.8)
- WordPress Plugin Strong Testimonials Multiple Cross-Site Scripting Vulnerabilities (2.31.4)
- WordPress Plugin Answer My Question Cross-Site Scripting (1.3)
- Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.1.9)