WordPress Privilege Escalation through Post Types

17 Dec 2018 by Simon Scannell

A logic flaw in the way WordPress created blog posts allowed attackers to access features only administrators were supposed to have. This led to a Stored XSS and Object Injection in the WordPress core, and to more severe vulnerabilities in WordPress’s most popular plugins, Contact Form 7 and Jetpack.
