WordPress Quickly Patches Zero-Day Comment Flaw

Apr 28, 2015, 19:00 (0 Talkback[s])
(Other stories by Sean Michael Kerner)

The open-source WordPress content management system (CMS) on April 27 issued an emergency update, patching a new zero-day vulnerability that might have exposed users to risk.

Security researcher Jouko Pynnönen first blogged about the zero-day issue on April 26. "An unauthenticated attacker can inject JavaScript in WordPress comments," Pynnönen warned. "The script is triggered when the comment is viewed."

Complete Story

Related Stories:

• Top 5 WordPress Vulnerabilities and How to Fix Them(Apr 23, 2012)