Sucuri has announced a vulnerability affecting the bbPress plugin for WordPress.
Quote:
This bug is present on every default install of bbPress < 2.5.9... The vulnerability allows any malicious users participating on the forum to insert malicious Javascript snippets into posts and replies. This is especially dangerous considering the social nature of forums.
As a Cross-Site Scripting (XSS) vulnerability, it could allow this user to hijack other user accounts, perform actions on their behalf (like administrators, moderators, etc.) to escalate its user’s privileges.
https://blog.sucuri.net/2016/05/secu...bbpress-2.html
An updated bbPress plugin, version 2.5.9, has been released:
https://bbpress.org/blog/2016/05/bbpress-2-5-9/
If you are using the WordPress bbPress plugin, upgrade it immediately, or disable it if you are unable to upgrade immediately.
https://wordpress.org/plugins/bbpress/
As always, FutureQuest encourages anyone running any scripts, such as
WordPress, to ensure they maintain the most up-to-date version and install
any patches released, to reduce the chances of a compromise of your site.
This also includes any plugins, addons and themes.
It is always best to subscribe to any Security or Update mailing list provided
by the Authors of the script(s) you are running.
The FutureQuest Team
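
To locate copies of bbPress older than 2.5.9 across several sites in one account, the following added example (not part of the original announcement, and not FutureQuest or bbPress code) scans a directory tree and reports each install's version. It assumes the standard layout `wp-content/plugins/bbpress/bbpress.php` and the usual WordPress `Version:` plugin header; the function names and the sample tree are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

FIXED = (2, 5, 9)  # first fixed bbPress release per the announcement
# WordPress plugin headers carry a "Version:" line inside the leading comment.
VERSION_RE = re.compile(r"^[ \t/*#]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)


def header_version(php_file):
    """Return the plugin header version as an int tuple, or None if absent."""
    head = Path(php_file).read_bytes()[:8192].decode("utf-8", "replace")
    m = VERSION_RE.search(head)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def needs_upgrade(version):
    """True when version < 2.5.9 (a short version such as 2.5 counts as 2.5.0)."""
    return version + (0,) * (len(FIXED) - len(version)) < FIXED


def scan(root):
    """Yield (plugin_dir, version, status) for every bbPress copy under root."""
    for f in sorted(Path(root).rglob("bbpress.php")):
        if f.parent.name != "bbpress" or f.parent.parent.name != "plugins":
            continue  # same file name, but not the plugin's main file
        v = header_version(f)
        if v is None:
            status = "UNKNOWN"  # header missing or unreadable: inspect by hand
        else:
            status = "UPGRADE" if needs_upgrade(v) else "OK"
        yield str(f.parent), ".".join(map(str, v or ())), status


def build_sample(root):
    """Constructed demo tree: two sites with made-up bbPress headers."""
    for site, ver in (("site-a", "2.5.8"), ("site-b", "2.5.9")):
        d = Path(root, site, "wp-content", "plugins", "bbpress")
        d.mkdir(parents=True)
        (d / "bbpress.php").write_text(
            f"<?php\n/**\n * Plugin Name: bbPress\n * Version:     {ver}\n */\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else tmp
        if root == tmp:
            build_sample(tmp)  # no path given: run against the constructed tree
        for row in scan(root):
            print("\t".join(row))
```

Pass the directory that holds your sites as the first argument; any row marked `UPGRADE` is a copy older than 2.5.9, and `UNKNOWN` rows need a manual look.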
