---

WordPress Quickly Patches Zero-Day Comment Flaw

The open-source WordPress content management system (CMS) on April 27 issued an emergency update, patching a new zero-day vulnerability that might have exposed users to risk.

Security researcher Jouko Pynnönen first blogged about the zero-day issue on April 26. “An unauthenticated attacker can inject JavaScript in WordPress comments,” Pynnönen warned. “The script is triggered when the comment is viewed.”

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis