As you might remember,ย we recently blogged about a critical Content Injection Vulnerability in WordPressย which allowed attackers to deface vulnerable websites. While our original disclosure only describedย one vulnerability, we actually reported two to the WordPress team. As it turns out, it was possible to leverage the content injection issue toย achieve a stored cross-site scriptingย attack. This issue was patched in WordPress 4.7.3.
Are You at Risk?
This vulnerability has been present in WordPress for quite a while, well before 4.7.
Continue reading Stored XSS in WordPress Core at Sucuri Blog.