Stored XSS Patched in WordPress 5.1.1
WordPress recently released an update, 5.1.1, which patches a stored XSS vulnerability in the platform’s comment system. Even 10 days after the release of this security patch, around 60% of all WordPress sites scanned by our services didn’t have this fix applied.
We are not aware of any exploit attempts using the vulnerability currently.
Should I Panic?
This vulnerability requires some level of social engineering to be exploited, and as such it may seem like this attack would be very hard to perform.
Continue reading Stored XSS Patched in WordPress 5.1.1 at Sucuri Blog.