Vulnerability Found in Latest Versions of WordPress, Patch Now Available : eAskme
The zero-day vulnerability allows attackers to inject JavaScript into comments. Attackers can leverage this vulnerability to insert code on the server through the theme and plugin editors.
The exploit even allows attackers to change the admin password, create new admin accounts, or do anything else with admin rights.
An attacker triggers the exploit by submitting an excessively long comment that exceeds the MySQL TEXT type size limit, which causes the comment to be truncated when it is stored. The truncated comment results in malformed HTML on the web page.
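The truncation step described above can be modeled and guarded against. This is an added example, not WordPress code: it shows well-formed markup becoming an unterminated tag once it is cut at the column limit, next to a storage check that rejects oversized input. The function names are hypothetical, and the 65,535-byte figure is the standard MySQL TEXT capacity, with silent truncation assumed (non-strict SQL mode).

```python
# Added example: a model of the store-then-render flow, not WordPress code.
MYSQL_TEXT_MAX_BYTES = 65_535  # MySQL TEXT column capacity in bytes


def silently_truncate(comment: str, limit: int = MYSQL_TEXT_MAX_BYTES) -> str:
    """Model a non-strict INSERT: bytes past the column limit are dropped."""
    raw = comment.encode("utf-8")[:limit]
    # Dropping bytes may split a multi-byte character; discard the fragment.
    return raw.decode("utf-8", errors="ignore")


def has_unterminated_tag(html: str) -> bool:
    """True if the text ends inside a tag (last '<' has no closing '>')."""
    return html.rfind("<") > html.rfind(">")


def store_comment(comment: str, limit: int = MYSQL_TEXT_MAX_BYTES) -> str:
    """Hardened path: refuse oversized input instead of letting it be cut."""
    size = len(comment.encode("utf-8"))
    if size > limit:
        raise ValueError(f"comment is {size} bytes; column holds {limit}")
    return comment


def build_sample() -> str:
    # Constructed sample: well-formed markup whose attribute value is padded
    # so the closing quote and '>' fall beyond the column limit.
    padding = "A" * MYSQL_TEXT_MAX_BYTES
    return f'<a title="{padding}">link</a>'


if __name__ == "__main__":
    sample = build_sample()
    print("well-formed before storage:", not has_unterminated_tag(sample))
    stored = silently_truncate(sample)
    print("stored bytes:", len(stored.encode("utf-8")))
    print("unterminated tag after truncation:", has_unterminated_tag(stored))
    try:
        store_comment(sample)
    except ValueError as exc:
        print("rejected:", exc)
```

The point of the guard is ordering: markup that passed sanitization before storage is no longer the markup that gets rendered, so the length check has to happen before the write.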
The WordPress security team has now released a patch. You can update through the WordPress dashboard. This is a critical security release for all versions, and I strongly recommend that you update immediately.