April 2015 (1)

WordPress < 4.1.2 Stored XSS vulnerability

WordPress 4.1.2 is available as of April 21, 2015. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site (WP blog). tldr; mysql → special characters → truncation → input validation → output sanitisation → xss → time to update WordPress. Introduction: MySQL […]

Read Post
1328 days ago 68 Comments Uncategorized