WordPress Releases 4.2.1 Update to Fix Nasty Comment Section Vulnerability

  • May 25, 2015 by
Dear Clients,

Please be aware that all current versions of WordPress are vulnerable to a stored cross-site scripting (XSS) flaw. This means that an unauthenticated attacker can inject JavaScript into WordPress comments. The script is triggered when the comment is viewed.

“If triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plug-in and theme editors.

Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.”

Scary stuff; luckily, it didn’t take long for WordPress to fight back. WordPress’ critical security release 4.2.1 is now available for download, and installing it is highly recommended if you use WordPress’ commenting system. Either download the release directly or go to your Dashboard and click “Update Now”.

* And remember, if you don’t use WordPress, you have nothing to worry about!

Warm Regards,
The eDisc Web Team