September 29, 2016

WordPress 3.3 Patched to Fix Cross-Site Scripting Vulnerability

(LiveHacking.Com) – WordPress 3.3.1 has been released to fix a Cross-Site Scripting (XSS) vulnerability discovered by security researchers Aditya Modha and Samir Shah. As well as fixing the XSS problem, 3.3.1 fixes 15 issues with WordPress 3.3. Once the vulnerability was made public, other researchers tried to reproduce it, but without success. It transpires that the vulnerability is exploitable if WordPress is installed using an IP address. If, however, WordPress is installed via a domain name, as it is for many people, the site isn’t vulnerable. This is because of some logic within the WordPress codebase that treats URLs differently depending on whether WP_SITEURL is set or unset.

The WordPress team thanked Joshua H., Hoang T., Stefan Zimmerman, Chris K. and the Go Daddy security team for responsibly disclosing the bug to the WordPress security team.

WordPress 3.3.1 can be downloaded from here, or installed via Dashboard → Updates in your site admin.
