by lol768
4069 days ago
The blog post linked (http://klikki.fi/adv/wordpress2.html) in the article is rather worrying to read - especially the "Solution" section which suggests Klikki Oy had a lot of trouble communicating with WordPress and getting the bug fixed. Interestingly, the WordPress blog states "A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen." I'm not very familiar with WordPress or its plugins, but does it make use of Content-Security-Policy headers? Those might've helped to minimise the risk (at least for users with modern browsers) to users browsing WordPress sites.