Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » WordPress zero-day vulnerability

WordPress zero-day vulnerability


Threatpost - (International) WordPress patched a critical stored cross-site scripting (XSS) zero-day vulnerability in its release of version 4.2.1. The vulnerability affected tens of millions of WordPress sites and allowed attackers to store malicious JavaScript in the comment fields of WordPress sites that would be executed server-side once the comments are viewed.


Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at:

Last Updated: 27 May 2016 10:24:12