Tuesday, 3 May 2016

Security Advisory: Stored XSS in bbPress WordPress Plugin


Security Advisory: Stored XSS in bbPress

During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress, currently installed on 300,000 live websites, one of them being the popular wordpress.org support forum.

Exploitation Level: Easy/Remote
DREAD Score: 6/10
Vulnerability: Stored XSS
Patched Version: bbPress 2.5.9

As a Cross-Site Scripting (XSS) vulnerability, it could allow a malicious user to hijack other users' accounts (such as those of administrators and moderators) and perform actions on their behalf to escalate that user's privileges.
Websites behind the Sucuri Firewall have been protected against this threat via our Virtual Hardening / Patching technology.
This email does not mean you are affected!

Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it's important to research and report on all potential threats as quickly as possible.

"Our server load has come down on WPBeginner - insanely!

Security is a big thing and is the primary reason we use Sucuri, but the added benefit is the speed aspect - because everything goes through the WAF and it's that much faster."
- Syed Balkhi
Sucuri Labs
Copyright © 2016 Sucuri Security, All rights reserved.