During regular research audits for our Sucuri Firewall (WAF), we discovered a source-based stored Cross-Site Scripting (XSS) vulnerability affecting WordPress 4.8.1.
Are You at Risk?
The vulnerability requires an account on the victim’s site with the Contributor role – or any account in a WordPress installation with bbPress plugin, as long as it has posting capabilities (if anonymous posting is allowed then no account is needed).
*** This is a Security Bloggers Network syndicated blog from Sucuri Blog authored by Rodolfo Assis. Read the original post at: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html