Hopefully, you are with a quality hosting service and your site has already been updated, but if not you need to update your WordPress code to 4.8.2.

The benefit of an open source codebase is that all the security analysts can read through every line of code looking for any possible way to ‘break’ into the system.  After all, we publicly acknowledge those who report. Mostly these vulnerabilities are purely theoretical, but we still like to shut the loophole before anyone starts making exploits to break in. The downside of open source is that once a potential problem has been highlighted, anyone can read about it, so we have to take action to secure the system as soon as possible.

What are all these XSS (cross-site scripting) problems anyhow?

These are places in WordPress where the software is taking an input of some sort. Instead of the usual data being given, a potential hacker will try to introduce PHP, JavaScript or MySQL code.  The aim of the hacker is to get this code executed by WordPress, to gain information, or to take control of the site.

Fictitious Example

As a programmer, I might want to take an input, like your name, store this information in a database and display it later.  I have to protect against any malicious information being given instead: that could be code which gets executed when it is stored or when it is displayed later, when all I wanted was a name.

For example, if a hacker gave the name ‘show databases’ and the server executed it, they would then have a list of all the databases.  If that worked, they could follow up with other commands like ‘drop’, which would delete a database, or use other commands to see the contents of the databases.
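The name-input example above, worked through as an added example (this is not code from the original post or from WordPress itself): a vulnerable lookup and a vulnerable display beside their parameterised and escaped forms, in Python, with an in-memory SQLite table standing in for the site's database.

```python
import html
import sqlite3

# Constructed sample data: a tiny "users" table standing in for a site's database.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    conn.commit()
    return conn

def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Vulnerable: the visitor's input is pasted straight into the SQL text,
    # so input containing a quote can rewrite the query itself.
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Hardened: a parameterised query sends the input as a value, never as SQL,
    # so whatever the visitor typed is compared literally against the column.
    rows = conn.execute("SELECT name FROM users WHERE name = ? ORDER BY id", (name,))
    return [row[0] for row in rows]

def store_name_safe(conn: sqlite3.Connection, name: str) -> int:
    # Storing with a parameter keeps odd characters as plain data; returns the row count.
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def render_greeting_unsafe(name: str) -> str:
    # Vulnerable: the stored name goes into the page as raw HTML, so a name that
    # contains markup becomes markup (including script) in every visitor's browser.
    return f"<p>Hello, {name}!</p>"

def render_greeting_safe(name: str) -> str:
    # Hardened: escape on output, so the browser shows the name as text only.
    return f"<p>Hello, {html.escape(name)}!</p>"
```

Both defences are needed: the parameterised query protects the database, and the escaping protects the visitors' browsers when the stored value is shown again.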

So, please update your WordPress site(s) as soon as possible. For larger commercial sites, you should be taking a backup of the site before, and then another straight afterwards.

It is like being back in my first days as a programmer in the 1980s. I had a life experience adventure game to help children learn about life. They would be given a scene and a set of options, but they were always trying to find a way to confuse or break the software with random inputs.

I apologise to all those programmers shouting at me for this example. I wanted something very simple, and the example is now probably oversimplified, but I hope it still makes the point.
