Don’t be a WordPress RCE-hole and patch up this XSS vuln, pronto

A newly revealed vuln in the open-source CMS WordPress allows an unauthenticated website attacker to remotely execute code – potentially letting naughty folk delete or edit blog posts. The flaw, detailed by German code-checking company RIPS Technologies in a blog post, can be exploited “by tricking an administrator of a target blog to visit a website set up by the attacker”.

Read full news article on The Register