More than a dozen WordPress plugins have been updated to patch vulnerabilities that allow attackers to inject potentially dangerous commands into the browsers of people visiting trusted websites. Administrators responsible for WordPress sites should make sure the fixes are installed as soon as possible.
The
cross-site scripting (XSS) vulnerabilities make it possible for hackers to concoct special address URLs that inject client-side code into vulnerable Web pages viewed by visitors. Exploits can steal highly sensitive authentication cookies, which give users access to their private accounts without having to enter a password. XSS attacks can also change the content inside a vulnerable Web page. Along with SQL injection exploits, XSS attacks are among the most common class of attacks carried out on the Internet.
