WordPress Stored XSS Zero Day

April 27, 2015

Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed.

If the attacker submits the following comment in the comment field, the script is stored in the database.

When the administrator tries to view the comment the script is executed.

Dell SonicWALL Threat Research Team has researched this vulnerability and released following signature to protect their customers.

  • IPS 2119 : Cross-Site Scripting (XSS) Attack 49