WordPress XSS Vulnerability

If you're a WordPress blogger, be sure to update to the latest 3.0.4 build as soon as possible. While there are no new features, a major security hole has been patched.
Basically, 3.0.3 allows users to insert comments with malicious code: WordPress 3.0.3 only sanitizes lowercase HTML, allowing a malicious user to pass bad code to obtain the cookies of a logged-in user.

For now, if you're still running 3.0.3, check all pending and new comments for base64 code or JavaScript links, and if you see any, delete the comment right away.
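One way to triage pending comments along these lines, as an added example (not code from this post or from WordPress): a Python scanner that parses each comment body case-insensitively, so mixed-case markup is caught the same as lowercase. The sample comments, the attribute and scheme lists, and the 40-character base64 threshold are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action", "formaction"}   # attributes that carry URLs
RISKY_SCHEMES = {"javascript", "vbscript", "data"}
RISKY_TAGS = {"script", "iframe", "object", "embed"}
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # 40-char threshold is an assumption

def url_scheme(value):
    """Lowercased URL scheme, ignoring whitespace/control characters."""
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    match = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", cleaned)
    return match.group(1).lower() if match else ""

class CommentScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # reasons this comment deserves manual review
    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names and decodes character
        # references in attribute values, so <A HREF=...> is seen as a/href.
        if tag in RISKY_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):          # onclick, onerror, ...
                self.findings.append(f"event handler {name}")
            scheme = url_scheme(value or "")
            if name in URL_ATTRS and scheme in RISKY_SCHEMES:
                self.findings.append(f"{scheme}: URL in {name}")

def scan_comment(body):
    """Return a list of findings for one comment body (empty list = clean)."""
    scanner = CommentScanner()
    scanner.feed(body)
    scanner.close()
    if BASE64_RUN.search(body):
        scanner.findings.append("long base64-like run")
    return scanner.findings

# Constructed sample comments (not taken from any real site).
SAMPLE_COMMENTS = {
    1: 'Great post! <a href="http://example.com/">my blog</a>',
    2: '<A HREF="JaVaScRiPt:void(0)">click</A>',
    3: '<IMG SRC="x.png" OnError="void(0)">',
    4: '<a href="DATA:text/html;base64,' + "QUJD" * 12 + '">this</a>',
}

if __name__ == "__main__":
    for cid, body in SAMPLE_COMMENTS.items():
        print(cid, scan_comment(body) or "ok")
```

A flagged comment is a candidate for manual review and deletion, not proof of an attack; the scanner does not replace updating to 3.0.4.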

See http://wordpress.org/ for the complete announcement from the WordPress team.
