Version 4.3.1 Exploit: WordPress
The most widely documented exploit affecting the 4.3.x branch is a reflected Cross-Site Scripting (XSS) vulnerability. The issue resided in the wp-includes/feed.php file. Specifically, the feed generator did not properly escape, via the esc_url function, the value written to the href attribute of the <atom:link rel="self"> tag.
POST /wp-admin/post.php HTTP/1.1 ... post_ID=1&action=sticky&sticky[]=99999999</title><script>alert(1)</script>
Do not use the "Update Now" button. The incremental update path from 4.3.1 to 6.x is fraught with PHP version conflicts and database collation errors.
A malicious script could be executed in the browser of any user (including administrators) who viewed the compromised post, potentially leading to session hijacking or site defacement.

2. User List Table XSS (CVE-2015-7989)