Reflected XSS in WordPress v5.5.1 and Lower

WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug in the way WordPress determines a user’s current page, and which may cause a few other problems as well.

Are You Affected?

This vulnerability is exploitable on every WordPress site and user account. For the exploit to be successful, the attacker must trick an unsuspecting user into clicking on a malicious link or visiting a booby-trapped website.

Continue reading Reflected XSS in WordPress v5.5.1 and Lower at Sucuri Blog.

More great articles

New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3

In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup…

Read Story

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, …

Read Story

PSA: Remove Kaswara Modern WPBakery Page Builder Addons Plugin Immediately

Today, April 21, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day vulnerability that is being actively…

Read Story

Emergency WordPress Help

One of our techs will get back to you within minutes.