Just a quick note to my WordPress pals – the latest update, WordPress 4.2.3, has an import fix for a cross site scripting (XSS) vulnerability that leaves your site vulnerable to attack. According to Sophos:
Continue Reading →“The flaw allows WordPress users who have Contributor or Author roles to add javascript to a site (something normally reserved for Editors and Administrators) using specially crafted shortcodes.
Attackers ...
JUL