WordPress Authenticated JavaScript File Upload

By
Prathap
Published on
26 Jun 2022
Vulnerability

Old versions of WordPress are vulnerable to cross-site scripting attacks. These versions do not require the unfiltered_html capability to upload JavaScript files. This vulnerability could allow attackers to execute cross-site scripting attacks using a crafted file. Cross-site scripting (XSS) is a client-side code injection attack in which an attacker executes malicious scripts in a website or web application. This flaw can allow attackers to access any cookies, session tokens, or other sensitive information retained on the client side.
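
One way to enforce the capability check described above on a site that cannot be upgraded immediately, as an added example that is not WordPress core code or code from the original post. The file location, the rsu_ names and the inclusion of htm/html alongside js are assumptions made for this example; the hooks and capability functions are standard WordPress APIs.

```php
<?php
/**
 * Plugin Name: Restrict script uploads (added example)
 * Assumed location: wp-content/mu-plugins/restrict-script-uploads.php
 */

// Extensions a browser may execute or render as active content when served
// from the site's own origin. htm/html are included as an assumption because
// they can carry inline script; extend the list to suit the site.
const RSU_SCRIPT_EXTENSIONS = array( 'js', 'htm', 'html' );

/** True when the given user (or the current user) holds unfiltered_html. */
function rsu_user_is_trusted( $user = null ) {
	return $user
		? user_can( $user, 'unfiltered_html' )
		: current_user_can( 'unfiltered_html' );
}

// 1. Remove script-capable types from the allowed MIME map for users
//    without the capability.
add_filter( 'upload_mimes', function ( $mimes, $user = null ) {
	if ( rsu_user_is_trusted( $user ) ) {
		return $mimes;
	}
	foreach ( array_keys( $mimes ) as $pattern ) {
		// Keys are extension patterns such as "htm|html" or "jpg|jpeg|jpe".
		if ( array_intersect( explode( '|', $pattern ), RSU_SCRIPT_EXTENSIONS ) ) {
			unset( $mimes[ $pattern ] );
		}
	}
	return $mimes;
}, 10, 2 );

// 2. Reject by file name before the file is moved into the uploads
//    directory; setting 'error' makes WordPress abort the upload.
add_filter( 'wp_handle_upload_prefilter', function ( $file ) {
	$ext = strtolower( pathinfo( $file['name'], PATHINFO_EXTENSION ) );
	if ( in_array( $ext, RSU_SCRIPT_EXTENSIONS, true ) && ! rsu_user_is_trusted() ) {
		$file['error'] = 'Script and HTML uploads require the unfiltered_html capability.';
	}
	return $file;
} );
```

This only blocks new uploads; files already present in the uploads directory still need to be reviewed separately.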

Impact and Fixes


Written by
Prathap
Co-founder, Director