Another critical zero-day cross-site scripting (XSS) vulnerability in WordPress was announced and patched on Monday, after a similar flaw was fixed earlier this week.
The vulnerability, discovered by Finland-based security firm Klikki Oy, gives an attacker full control of the web server, posing a critical threat to the millions of sites powered by the popular content management system.
How does the attack work?
Cross-site scripting is considered one of the most notorious and common web flaws, allowing an attacker to run arbitrary malicious code on the server.
If the script is triggered by a logged-in administrator under the default setup, where comments need admin approval, the attacker can leverage the flaw to execute rogue code on the web server through the plugin and theme editors.
After the first comment is approved, the attacker is free to do anything, such as change the admin password, create a new admin account or take over the complete system.
How was the vulnerability discovered?
Jouko Pynnonen of Klikki Oy is credited with discovering the flaw. The detailed proof-of-concept code can be found on their website.
The vulnerability bears a resemblance to another flaw reported last year by researcher Cedric Van Bockhaven on his blog.
Klikki Oy has also published a video showing a proof-of-concept attack in progress.
How can I protect my website against the vulnerability?
Site owners and administrators are urged to immediately download WordPress 4.2.1 or press “Update Now” from Dashboard → Updates.
WordPress versions 3.9.3, 4.1.1, 4.1.2, and the latest version 4.2 are vulnerable to the XSS exploit.
If your WordPress site uses its commenting system, it is prone to the XSS attack. The vulnerability affects not only the comment section but the complete WordPress core and plug-ins, so be warned and upgrade the system. In the meantime, disable comments, do not approve any comments and use a firewall.
Mageshield also provides a security-patched solution for your WordPress site. Please act now to make sure that your WordPress site is secure!