A couple of Indian security researchers, Aditya Modha and Samir Shah, found an easy-to-exploit cross-site scripting (XSS) weakness that affected all WordPress 3.3 websites, but version 3.3.1 was quickly released to fix the issue. The researchers showed that by posting a comment on a targeted site using a special script and by making sure the author, email and comment tags had the same values as the ones from the previous post they could generate a
500 internal server error. The flaw works only on Internet Explorer browsers and
Ethicalhack3r published a piece of code that prevents exploitation.
However, to make sure their websites are completely protected, users should update to the latest WordPress 3.3.1 as soon as possible.
The WordPress 3.3.1 maintenance release also fixes 15 functionality problems that affected WordPress 3.3.
WordPress 3.3.1 is available for download
here.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
