Cross-site Scripting Vulnerabilities in WordPress
WordPress updated the codes to address multiple Cross-site scriptings (XSS) vulnerabilities such as XSS and Authenticated XSS. The WordPress update was not limited to fixing XSS vulnerabilities. There were other kinds of issues that have been addressed.
A cross-site scripting (XSS) vulnerability allows an attacker to inject a malicious script on a vulnerable web page in a WordPress website. An authenticated cross-site scripting (Authenticated XSS) is the same vulnerability that happens when a user is logged in.
There were 17 bug fixes in this new software update. Typical bugs that were fixed were broken media file uploads affecting certain browsers and fixing conflicts with some plugins, among many other bugs.
WordPress Lower than 3.7 to be Updated
WordPress announced that WordPress installations from WordPress 3.7 and up have been automatically updated. That means WordPress installations lower than 3.7 were not automatically updated. It is evident to update any older WordPress installations lower than 3.7to the very latest in order to avoid any malicious attack.
