GoFuckYourself.com - Adult Webmaster Forum


MrGusMuller 04-27-2015 09:02 AM

[!] CRITICAL Persistent XSS 0day in WordPress
 
:warning:warning

Quote:

If your WordPress site allows users to post comments via the WordPress commenting system, you're at risk. An attacker could leverage a bug in the way comments are stored in the site's database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site's code if the code runs when in a logged-in administrator browser.
...
Quote:

There's a few things you can do to prevent getting hacked before there's an official patch being released: You can disable comments on your site or leverage a Web Application Firewall to filter good requests from exploit attempts.
https://blog.sucuri.net/2015/04/crit...wordpress.html

anexsia 04-27-2015 11:31 AM

Thanks! Looks like WordPress is pushing through an automatic security update to fix this, installs should go from 4.2 to 4.2.1.

Bladewire 04-27-2015 11:34 AM

Thank you! I love your security updates here they're awesome, keep up the good work :thumbsup

Denny 04-27-2015 12:54 PM

Thanks and bump.

MrGusMuller 04-27-2015 02:48 PM

tnks! :)

UPDATE
A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately.

Paul&John 04-27-2015 02:52 PM

Updated ;)


All times are GMT -7.
