Jetpack <= 6.4.2 – Authenticated Stored Cross-Site Scripting (XSS)

December 12, 2018
jetpack Theme Builder Layout
Description
According to RIPS Technologies:

 "RIPS detected a Stored XSS vulnerability that affects a module available to premium and professional users of Jetpack. Attackers who gained control over an account on the target site with at least Contributor privileges were able to inject arbitrary JavaScript code into the HTML markup of a blog post. Once the administrator of the target site views the malicious blog post, evil JavaScript code is executed which compromises the target server."

Share this article:
 




eHost-square-ad Theme Builder Layout

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:

SHARE IT HERE:

Related Posts

using-wpscan-to-find-wordpress-vulnerabilities-on-your-website Theme Builder Layout

Using WPScan to find WordPress vulnerabilities on your website

WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website for known vulnerabilities within the WordPress core, as well as popular WordPress plugins and themes.Since it is a WordPress black box scanner, it mimics a real...

how-to-remove-malicious-redirects-from-your-site Theme Builder Layout

How To Remove Malicious Redirects From Your Site?

Is your WordPress website maliciously redirecting your users to unknown websites like ones that sell medical products? Chances are you’ve been hacked.Visitors could also be redirected to unsecured sites that host adult content, sell counterfeit products, or try to...

how-to-detect-the-bt-wordpress-hack Theme Builder Layout

How to Detect the .bt WordPress Hack

Just recently we cleaned a WordPress site which was apparently hacked many years ago. The hack was still active and our client was lucky that we found it since he asked us to host the site for him(we’ll talk about this added service in a new blog post). Every time we...

Get ALL Your SEO, WordPress & Divi News

Join Our Daily Roundup

SEO News and More

SEO News and More

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.