Stored XSS vulnerability in WordPress

Jouko Pynnönen of Klikki Oy has recently disclosed an XSS vulnerability affecting core WordPress versions 4.2 and below. The vulnerability allows the attacker to take full control of a WordPress-powered website.

The WordPress core team is working on a fix for this security issue, which is likely to ship as early as this week. Meanwhile, it is recommended that you close all commenting on all WordPress sites. However, if you’re hosted with Pressjitsu, don’t worry – we’ve already patched every account to mitigate this kind of attack, so no further action is required.

Stay safe, and if you have any questions, don’t hesitate to get in touch with support.