WordPress Releases Update to Address Zero Day Flaw

This week WordPress released a critical update to fix a vulnerability in its content management system that could be exploited to hijack web admin accounts. An exploit for the vulnerability was released over the weekend.

Attackers could exploit the flaw by embedding malicious code in a comment. If the attacker has previously made an innocuous post that gets approved by a site administrator, the new comment containing the code would post automatically and the code would execute. The WordPress update brings the most current version to 4.2.1.

Read the story in the news.


About MIT
IT Security Awareness Consultant and Communications Specialist at MIT

Comments are closed.

%d bloggers like this: