The Iranian Ashiyane Digital Security Team (ADST) announced that it has found new WordPress vulnerabilities. It listed them as follows:
- WordPress JS External Link Info 1.21 Open Redirect Vulnerability
- WordPress Tubepress Plugin v 2 Cross Site Scripting
- WordPress No External links Plugin Open Redirect.
Cross Site Scripting (XSS) is a type of computer security vulnerability found in web applications that enables attackers to inject client-sides script into web pages viewed by other users. Open redirect is applications that redirect users to parameter value with no validation type. Vulnerability is used in phishing attacks.
Source: Irancybernews.org, January 14, 2016.