

WordPress XSS 0day - jchavannes
http://arstechnica.com/security/2015/04/27/just-released-wordpress-0day-makes-it-easy-to-hijack-millions-of-websites/

======
lol768
The blogpost linked
(http://klikki.fi/adv/wordpress2.html)
in the article is rather worrying to read - especially the "Solution" section
which suggests Klikki Oy had a lot of trouble communicating with WordPress and
getting the bug fixed.

Interestingly, the WordPress blog states "A few hours ago, the WordPress team
was made aware of a cross-site scripting vulnerability, which could enable
commenters to compromise a site. The vulnerability was discovered by Jouko
Pynnönen."

I'm not very familiar with WordPress or its plugins, but does it make use of
Content-Security-Policy headers? Those might've helped to minimise the risk
(at least for users with modern browsers) to users browsing WordPress sites.

~~~
lightlyused
It uses a mysqlism to trick its way past a poorly written XSS filter.

------
breakingcups
Let's wait on the obligatory Cloudflare blogpost talking about how their
paying customers are protected.

