edit-icon download-icon

[Vulnerability notice] Storage-type XSS vulnerability in bbPress

Last Updated: Nov 23, 2017

Description

bbPress is a popular WordPress plug-in that enables forum features for WordPress blogs.

bbPress released an official update, fixing a storage-type XSS vulnerability. Attackers may exploit this vulnerability to steal the identification information of visitors or administrators to perform malicious or unauthorized operations.

Affected versions

bbPress < 2.5.9

Fix

  • Use Alibaba Cloud Security Web Application Firewall to intercept the attacking code for this vulnerability.

  • Upgrade bbPress to v2.5.9 or later versions.

Thank you! We've received your feedback.