Sucuri has shared details about one of the cross-site scripting (XSS) vulnerabilities patched last week in WordPress. The flaw can be highly useful to attackers if combined with a content injection bug that has been exploited in the wild.
Article Link: http://feedproxy.google.com/~r/Securityweek/~3/x9YXvqgsECk/wordpress-content-injection-flaw-makes-xss-bug-more-severe