Security News

WordPress Stored XSS Zero Day (April 27, 2015)

By

Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed.

If the attacker submits the following comment in the comment field, the script is stored in the database.

When the administrator tries to view the comment the script is executed.

Dell SonicWALL Threat Research Team has researched this vulnerability and released following signature to protect their customers.

  • IPS 2119 : Cross-Site Scripting (XSS) Attack 49
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Cyber Security News & Trends - 03-20-20
Hiddentear ransomware variant encrypts and gives files .poop extension
Oracle Secure Backup uname Vulnerability (Jan 23, 2009)
Microsoft Security Bulletin Coverage for September 2023
AgentTesla Updates Its Infection Chain
New variant of Atros InfoStealer actively spreading in the wild. (Mar 24, 2017)
Microsoft Security Bulletin Coverage (Sep 11, 2012)
This long spreading Android locker has been spotted using Coronavirus theme