Techarticles.Me – A serious vulnerability has been found in WordPress. Analysts at FortiGuard Labs have discovered a vulnerability in WordPress, the world’s most popular CMS (Content Management System), which powers about a third of all websites.
The vulnerability detected by the Fortinet analysts is a zero-day vulnerability, that is, one the software’s maker does not know about until it is published. It affects WordPress versions 5.0 to 5.0.4, 5.1 and 5.1.1.
How it works
Since WordPress 5.0, users can add blocks containing HTML snippets to posts. When a block contains certain characters, such as “<”, and the post is reopened, WordPress shows an error message together with a preview of the block, and in that preview it converts the HTML entity for “<” back into a literal “<” character. Because the conversion happens after the content has already been filtered, the XSS filter on this preview can be bypassed; Fortinet demonstrated this with the string `"><img src=1 onerror=prompt(1)>`, which proves the vulnerability exists. When a victim views such a post, the injected script runs in their browser.
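To make the ordering mistake concrete, here is an added Python model, not WordPress code and not from Fortinet’s write-up, of an editor that escapes a block on save but then decodes entities in its preview; the function names and the `block-preview` wrapper are assumptions made for illustration.

```python
import html

# Constructed input: the bypass string quoted in the article, as typed into an HTML block.
USER_INPUT = '"><img src=1 onerror=prompt(1)>'


def store_escaped(text: str) -> str:
    """Save step: escape markup so the stored copy is inert (entities, not tags)."""
    return html.escape(text, quote=True)


def preview_vulnerable(stored: str) -> str:
    """Models the flawed preview described in the article: it decodes entities
    back to characters AFTER the filtering step, so the stored '&lt;' becomes a
    live '<' in the page and the browser parses the img element."""
    decoded = html.unescape(stored)  # the mistake: re-activating markup post-filter
    return f"<div class='block-preview'>{decoded}</div>"


def preview_fixed(stored: str) -> str:
    """Hardened preview: decoding for editing is fine, but the text is escaped
    again at the exact point where it is placed into an HTML context."""
    decoded = html.unescape(stored)
    return f"<div class='block-preview'>{html.escape(decoded, quote=True)}</div>"


def contains_live_markup(rendered: str) -> bool:
    """Crude check for the demo: a literal '<img' in the output means the browser
    will treat it as an element rather than display it as text."""
    return "<img" in rendered.lower()


def demo() -> dict:
    """Runs both previews over the same stored block and reports which one
    lets the markup through."""
    stored = store_escaped(USER_INPUT)
    return {
        "stored": stored,
        "vulnerable_live": contains_live_markup(preview_vulnerable(stored)),
        "fixed_live": contains_live_markup(preview_fixed(stored)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The lesson generalises beyond this bug: any step that unescapes user-controlled text after sanitisation must be followed by escaping at the output boundary.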
If you run a WordPress-based website, update the platform to the latest version, 5.2.3.