The stored XSS could lead to remote code execution.
The vulnerability has been assigned a Common Vulnerability Scale of 5.1. If you are running the latest version of the CMS, you are not at risk. You must upgrade to 4.2.1 or 4.2.2 as soon as possible.
The bug was reported to the vendor via a responsible disclosure path. It has been patched in the 4.2.1 release.
Another critical vulnerability has been discovered in the latest version of the open-source content management system (CMS) WordPress.
The latest version of WordPress — 4.9.5 — is currently being used by millions of websites and blogs across the globe.
However, due to a critical vulnerability discovered in this version, an attacker can take control of your WordPress site and perform malicious actions on behalf of your website visitors.
The Stored XSS vulnerability in WordPress 4.9.5
The vulnerability allows an attacker to inject malicious scripts into a WordPress installation in order to gain control of the website.
There are two main variants of the vulnerability. In the first, an attacker tricks you into visiting a webpage designed with malicious code; when you visit that webpage, your browser executes the code and your site is controlled by the attacker. In the second, pages on your site have been infected with malicious code; when a visitor tries to access those pages, their browser executes the code too, this time on behalf of the visitor.
WordPress Vulnerability – CVE-2022-37247
What is WordPress?
WordPress is an open-source content management system (CMS) and blogging tool. It's one of the most widely used CMSs on the web and the most popular blogging platform in the world.
It offers strong flexibility and customization that allows it to adapt to many different types of business needs. What's more, it's easy to learn, making it a favorite among both beginners and professional bloggers.
WordPress is well known for its large community of users, who can offer support and input on specific functionality that WordPress doesn't provide natively.
Timeline
Published on: 09/16/2022 22:15:00 UTC
Last modified on: 09/21/2022 15:39:00 UTC