Critical XSS 0-Day Vulnerability Disclosed in WordPress 4.2

A critical, unpatched 0-day vulnerability affecting the WordPress comment mechanism has now been disclosed publicly.

Who is affected?

If your WordPress site allows users to post comments via the WordPress commenting system, you're at risk. An attacker could leverage a bug in the way comments are stored in the site's database to insert malicious scripts on your site, potentially allowing them to infect your visitors with malware, inject SEO spam, or even insert a backdoor in the site's code if the script runs in a logged-in administrator's browser.

What can we do?

You should disable the WordPress comment system until a patch is available. Hopefully the WordPress team will release a patch soon.
