A zer0 day vulnerability has been found in the word press 4.2 and earlier.The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. Jouko Pynnönen <http://klikki.fi/> discovered the zero-day vulnerability in WordPress versions 4.2 and earlier, which allows an attacker to use stored or persistent, cross-site scripting (XSS) bugs <https://en.wikipedia.org/wiki/Cross-site_scripting> to embed code into a WordPress comment field. From there, attackers can change passwords, add new administrators, or take just about any other action legitimate admins can perform.In this new WordPress vulnerability, the malicious comment has to be at least 66,000 characters long <http://wccftech.com/critical-wordpress-4-2-vulnerability/> and the script will be triggered when the comment is viewed, check out the link for more details. http://www.symantec.com/connect/blogs/wordpress-zero-day-exploit-patch-released
-- You received this message because you are subscribed to the Google Groups "NFORCEIT" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send an email to [email protected]. Visit this group at http://groups.google.com/group/nforceit. For more options, visit https://groups.google.com/d/optout.
