[SECURITY - NEWS] XSS Vulnerability Patched in SEOPress Affects 100,000 sites

Roger Marquez

Jr. VIP
Jr. VIP
Joined
Apr 17, 2017
Messages
3,373
Reaction score
4,204
Website
bit.ly
SOURCE:
 

Laplace

Jr. VIP
Jr. VIP
Premium Member
Joined
Aug 24, 2018
Messages
154
Reaction score
32
There will not be serious problems, but it is still useful to update.

Thank You @Roger Marquez
 

itz_styx

Jr. VIP
Jr. VIP
Joined
May 8, 2012
Messages
2,260
Reaction score
1,619
Website
argo-content.com
only works if you allow registrations on the site. the attacker at least needs a valid user account (subscriber level is the minimum).
so if you have a blog without allowing registrations it can't be exploited.
There will not be serious problems, but it is still useful to update.
well if you allow users to register then it could be harmful. someone could hijack all traffic, or push malware etc. as javascript can be injected and you can do a lot of things with js.
in combination with other bugs it could even lead to full compromise of the site/server.
 
Top