The open-source WordPress content management system (CMS) on April 27 issued an emergency update, patching a new zero-day vulnerability that might have exposed users to risk.
Security researcher Jouko Pynnönen first blogged about the zero-day issue on April 26. “An unauthenticated attacker can inject JavaScript in WordPress comments,” Pynnönen warned. “The script is triggered when the comment is viewed.”