Cross-Site Flashing (XSF) WordPress Vulnerability

WordPress, the content management system powering north of 28% of websites on the Internet, is certainly no stranger to providing timely security patches to its hundreds of millions of users when security researchers report them. This time, however, things took a slightly different turn – Enguerran Gillier, a security researcher discovered and disclosed a Cross-Site Flashing (XSF) vulnerability in the WordPress core affecting all WordPress versions going back a whole 2 years, including the very latest security release of WordPress (version 4.8.2 at the time of writing).

Read full news article on Dzone