Skip to main content
Link to Pressjitsu home page
Log in
PricingFeaturesAboutContactBlogLog in

Stored XSS vulnerability in WordPress

Avatar of Dave MatthewsDave Matthews
Post Date
Apr 27th, 2015

Jouko Pynnönen of Klikki Oy has recently disclosed an XSS vulnerability affecting core WordPress versions 4.2 and below. The vulnerability allows the attacker to take full control of a WordPress-powered website.

The WordPress core team is working on a fix for this security issue, which is likely to ship as early as this week. Meanwhile, it is recommended that you close all commenting on all WordPress sites. However, if you’re hosted with Pressjitsu, don’t worry – we’ve already patched every account to mitigate this kind of attack, so no further action is required.

Stay safe, and if you have any questions, don’t hesitate to get in touch with support.

Ready-to-use expert knowledge right in your inbox
Sign up here for our weekly newsletter to get WordPress tips from industry experts.