Developers of the popular WordPress blogging platform have released a critical security update to fix a vulnerability that can be exploited to take over websites.
WordPress 4.2.3, released Thursday, resolves a cross-site scripting (XSS) vulnerability that could allow users with the Contributor or Author roles to compromise a website, said Gary Pendergast, a member of the WordPress team, in a blog post.
While this is not as critical as a flaw that can be exploited without authentication, it still poses a high risk for many websites because the compromise of a single non-administrator user account can turn into a complete website takeover.
To read this article in full or to leave a comment, please click here
