Fortinet Discovers WordPress (Core) Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting (XSS) vulnerability in WordPress CMS.
WordPress is one of the world's most popular content management system (CMS). WordPress is by far the most popular CMS with 60.4% of the market share. This means WordPress is used by 33.5% of all the websites online.
An XSS vulnerability has been discovered in WordPress 5.2.2 and earlier versions. The vulnerability is caused by inadequate input filtering of HTML encoded characters which can lead to XSS attacks in the Shortcode function.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Dec 24, 2018
Users should apply the solution provided by WordPress.
Fortinet reported the vulnerability to WordPress on December 11, 2018.
WordPress confirmed the vulnerability on December 24, 2018.
WordPress patched the vulnerability on September 5, 2019.
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.