WordPress Vulnerability

This is a new, serious wordpress vulnerability, announced recently which has the potential to cause some damage and disruption. Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed.

WordPress Vulnerability Impact:

If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors. Read the rest of this entry