A really, really long comment could allow an attacker to hijack your WordPress blog. Watch today’s quick video to learn about the zero-day XSS flaw reported by a Finnish security researcher, and what you can do about it.
(Episode Runtime: 1:48)
Direct YouTube Link: https://www.youtube.com/watch?v=H2XR2tnm0yQ
EPISODE REFERENCES:
- Researcher’s blog post on 0day WordPress XSS – Klikki.fi
- Long comments can hijack WordPress blogs – Motherboard
- WordPress has since released an update to fix this – Ars Technica
— Corey Nachreiner, CISSP (@SecAdept)