WordPress developer Auttomatic is urging users to urgently update their installations of the company’s publishing platform to fix a critical vulnerability that could lead to attackers taking over entire sites.Jouko Pynnönen of security vendor Klikki.fi discovered a cross-site scripting (XSS) flaw in WordPress that allows commenters to inject Javascript into sites.When admin users check the comments to moderate them and execute the Javascript they contain attackers can gain full control of the target WordPress site through the plugin and theme editors.
Read on, source: WordPress patches critical XSS vulnerability – Security – News – iTnews.com.au