The End of Cross-Site Scripting: WordPress 5.1.1 Released

Minutes

Older versions of WordPress make all posts vulnerable to cross-site scripting. But the cross-site scripting vulnerability in WordPress is a thing of the past now since the release of v5.1.1. The WordPress team have introduced several fixes in this new version. But first – What does a cross-site scripting vulnerability actually mean?

Dangers of cross-site scripting

Every website which has comments enabled is in danger of cross-site scripting because of the way comments are stored in the database. An attacker only needs a maliciously-crafted comment, their own website and a tricked WordPress admin. If that particular admin visits the malicious website, a cross-site request forgery (CSRF) exploit will run against the WordPress blog. That CSRF could lead to Remote Code Execution and a full take-over of the WordPress site. And you, the admin, won’t notice anything – until it’s too late.

How WordPress solved cross-site scripting vulnerabilities

WordPress 5.1.1 introduced many fixes and enhancements, but most importantly XSS-related ones. These work with the way comments are filtered. The fastest solution is to disable comments entirely – but who wants to create a non-inclusive space? The other option is to keep your WordPress sites regularly maintained. So we suggest you download the latest WordPress 5.1.1 version to safeguard your business.

Since WordPress is responsible for 30% of all websites, millions of sites are in danger. So if you’re a WordPress administrator, don’t fall victim to cross-site scripting. Also, be careful not to make these common website mistakes .

Perform a security check with WP Toolkit

Did you know that Plesk lets you experience one of the best WordPress Security Solutions? You can secure all your instances, plugins, and themes all from one dashboard. But you can also use WP Toolkit for its many other capabilities that simplify your WordPress admin workload tenfold. All you need is to install the Plesk all-in-one control panel first.

Find out more about the latest Remote WordPress Management release on Plesk WP Toolkit 4.0

Experienced cross-site scripting ? Tell us what you think of the new WordPress solution in the comments below

Share43

43 Shares

Elvis Plesky

Our fun and curious team mascot's always plugged into the latest trends. He's here to share his knowledge and help you solve your tech problems.

3 Comments

hyty

Nov 5, 2019 / 6:25 am # Link Reply

alert(“plesk”);
hyty

Nov 5, 2019 / 6:26 am # Link Reply

i have issue in this code “alert(“plesk”);” unable to load
- Debbie from Plesk
  
  Nov 12, 2019 / 6:12 pm # Link Reply
  
  Hey there, where do you receive this error? We will need more information in order to help you out.
  Could you kindly open a ticket for our support team? https://support.plesk.com/hc/en-us

Add a CommentCancel Reply

GET LATEST NEWS AND TIPS

Name*
Email*
Country*
Yes, please, I agree to receiving my personal Plesk Newsletter! WebPros International GmbH and other WebPros group companies may store and process the data I provide for the purpose of delivering the newsletter according to the WebPros Privacy Policy. In order to tailor its offerings to me, Plesk may further use additional information like usage and behavior data (Profiling). I can unsubscribe from the newsletter at any time by sending an email to [email protected] or use the unsubscribe link in any of the newsletters.
Hidden
Lead Source
Hidden
PL Business unit contact
- Yes
Hidden
Form Submission Name
Hidden
Form Submission Product
Plesk
Hidden
Form Submission Type
Hidden
Send DOI Plesk
- Yes