
An EASM blog from Detectify

[Alert] New WordPress XSS Vulnerability Discovered

May 17, 2016

Are you running WordPress 4.2.0 to 4.5.1? Time to upgrade to 4.5.2!

It was recently discovered that WordPress versions 4.2.0 to 4.5.1 are vulnerable to reflected XSS in a specific WordPress SWF file: flashmediaelement.swf. The vulnerability could lead to leaked WordPress credentials, or be used as a stepping stone to more severe attacks.

3 things you can do to protect your website:

  • Upgrade to WordPress version 4.5.2 as soon as possible.
  • Remove the flashmediaelement.swf file (if you do not know how to proceed, the best option is to simply upgrade the WordPress version).
  • A third option is to restrict the allowed IP addresses to those of your office or VPN.
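
To check whether an installation still needs the first or second step, the following shell script reads the installed version and looks for the SWF file by name. It is an added example, not code from Detectify or WordPress; the function names are hypothetical, and it assumes the version is declared as `$wp_version = '...';` in `wp-includes/version.php` under the WordPress root you pass in.

```shell
#!/bin/sh
# Added example: check a WordPress tree against this alert (4.2.0 to 4.5.1).

# Turn "4.5.1" (or "4.5") into a comparable integer such as 40501.
ver_num() {
    printf '%s\n' "$1" | awk -F. '{ printf "%d\n", $1 * 10000 + $2 * 100 + $3 }'
}

# Succeed when the version lies in the affected range 4.2.0 to 4.5.1.
wp_version_affected() {
    n=$(ver_num "$1")
    [ "$n" -ge 40200 ] && [ "$n" -le 40501 ]
}

# Assumption: the version is declared as $wp_version = '...'; in
# wp-includes/version.php below the WordPress root passed as $1.
wp_read_version() {
    sed -n 's/^[$]wp_version *= *.\([0-9][0-9.]*\).*/\1/p' \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Returns 0 = not exposed, 1 = affected version with the SWF present,
# 2 = version could not be read.
audit_wp_root() {
    root=$1
    version=$(wp_read_version "$root")
    if [ -z "$version" ]; then
        echo "$root: cannot read WordPress version"
        return 2
    fi
    if ! wp_version_affected "$version"; then
        echo "$root: WordPress $version is outside 4.2.0 to 4.5.1"
        return 0
    fi
    # Search by name so the check does not depend on where the file sits.
    swf=$(find "$root" -type f -name flashmediaelement.swf 2>/dev/null)
    if [ -n "$swf" ]; then
        echo "$root: WordPress $version affected, upgrade to 4.5.2 or remove:"
        echo "$swf"
        return 1
    fi
    echo "$root: WordPress $version affected but flashmediaelement.swf is gone"
    return 0
}

if [ "$#" -gt 0 ]; then
    audit_wp_root "$1"
fi
```

Run it with the WordPress root directory as its only argument; a return code of 1 means the installation is in the affected range and the file is still on disk.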

As always, we recommend that you run regular security tests on your website to keep up with all the latest vulnerabilities.

Stay safe!