Tech [!] CRITICAL Persistent XSS 0day in WordPress - GoFuckYourself.com

MrGusMuller · 04-27-2015, 09:02 AM

Quote:

If your WordPress site allows users to post comments via the WordPress commenting system, you?re at risk. An attacker could leverage a bug in the way comments are stored in the site?s database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the site?s code if the code runs when in a logged-in administrator browser.

...

Quote:

There?s a few thing you can do to prevent getting hacked before there?s an official patch being released: You can disable comments on your site or leverage a Web Application Firewall to filter good requests from exploit attempts.

https://blog.sucuri.net/2015/04/crit...wordpress.html

anexsia · 04-27-2015, 11:31 AM

Thanks! Looks like Wordpress is pushing through an automatic security update to fix this, installs should go from 4.2 to 4.2.1.

Bladewire · 04-27-2015, 11:34 AM

Thank you! I love your security updates here they're awesome, keep up the good work

Denny · 04-27-2015, 12:54 PM

Thanks and bump.

MrGusMuller · 04-27-2015, 02:48 PM

tnks!

UPDATE
A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately.

Paul&John · 04-27-2015, 02:52 PM

Updated ;)

04-27-2015, 11:34 AM	#3
Bladewire StraightBro Industry Role: Join Date: Aug 2003 Location: Monarch Beach, CA USA Posts: 56,229	Thank you! I love your security updates here they're awesome, keep up the good work __________________ Skype: CallTomNow

04-27-2015, 12:54 PM	#4
Denny Too lazy to set a custom title Industry Role: Join Date: Feb 2005 Posts: 17,273	Thanks and bump. __________________

04-27-2015, 02:48 PM	#5
MrGusMuller Confirmed User Industry Role: Join Date: Oct 2010 Location: Portugal Posts: 1,262	tnks! UPDATE A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately. __________________ StagCMS - Adult CMS - user friendly adult content management system - speed up your websites with no SQL connections ICQ: 632343*113

04-27-2015, 02:52 PM	#6
Paul&John Confirmed User Industry Role: Join Date: Aug 2005 Location: YUROP Posts: 8,606	Updated ;) __________________ Use coupon 'pauljohn' for a $1 discount at already super cheap NameSilo! Anal Webcams \| Kinky Trans Cams Live \| Hotwife XXX Tube \| Get your Proxies here

04-27-2015, 11:31 AM	#2
anexsia Confirmed User Industry Role: Join Date: May 2010 Posts: 5,735	Thanks! Looks like Wordpress is pushing through an automatic security update to fix this, installs should go from 4.2 to 4.2.1.