WordPress version 4.2.3 resolves a Cross-Site Scripting (XSS) flaw
that could allow any user with the Contributor or Author role to
compromise a website, Gary Pendergast of the WordPress team wrote in a blog post on Thursday.
Cross-site scripting is actually a vulnerability in the Web
applications' code that opens up the target website to attacks. The
vulnerability is one of the most favorite and commonly used flaws by
cyber criminals.
According to the company, the vulnerability could allow hackers to embed maliciously-crafted HTML, JavaScript, Flash, or other code to bypass WordPress's kses protection by fooling users into executing a malicious script on their computer system.
This, in turn, leads to the collection of users' sensitive data, including cookies stored on their systems.
It is still unknown exactly how websites could be compromised using the
flaw, as more details about the vulnerability aren't yet made available
by the company.
Update your WordPress CMS Now!
All versions of WordPress from 4.2.2 and earlier are affected by the flaw, but you need not worry about it if you have Automatic Security Updates enabled.
However, if not, you are strongly recommended to update your WordPress CMS to version 4.2.3 as soon as possible.
To Update WordPress, all you need to do is just go to the main WordPress "Dashboard", then "Updates" and click "Update Now." And you are done.
