Just a bit over a week ago, we released our new PHP security analysis; it checks your PHP projects for over 500 security vulnerabilities from categories such as XSS, different injection vulnerabilities, file inclusion, code execution and a lot more.
Yesterday, YOAST, a developer of several popular WordPress plugins, and others released several security updates that fix XSS vulnerabilities found by Scrutinizer. Since some of the potential attack vectors were found in several WordPress plugins, WordPress's developer documentation was updated as part of the coordinated response, too. If you are using WordPress, make sure to upgrade your plugins to the latest versions.
XSS, short for cross-site scripting, allows an attacker to inject code into an HTML response, typically JavaScript, that is then executed by your browser. It can be used to perform actions with your privileges, or to obtain your data and passwords. How seriously you are affected depends on several factors, such as the browser you are using and certain security headers that sites send.
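As an added illustration, not code from this post or from any of the plugins it mentions, here is the reflected-output pattern such an analysis flags in PHP next to its escaped form; the function names and the sample input are assumptions.

```php
<?php
// Added example: the unsafe pattern and its hardened form. In a WordPress
// plugin, a value like $_GET['q'] comes from the URL, so echoing it raw puts
// attacker-controlled markup into the HTML response.

// Vulnerable: user input is reflected straight into the HTML body.
function render_search_vulnerable(string $query): string
{
    return '<p>Results for: ' . $query . '</p>';
}

// Hardened: escape for the HTML body context. htmlspecialchars() turns <, >,
// & and both quote characters into entities, so the browser renders them as
// text instead of parsing them as markup. WordPress plugins can use the
// equivalent esc_html() helper here.
function render_search_fixed(string $query): string
{
    $safe = htmlspecialchars($query, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Results for: ' . $safe . '</p>';
}

// Attribute context: the value must sit inside quotes AND have quotes escaped,
// otherwise a quote in the input ends the attribute early. WordPress plugins
// use esc_attr() for this context.
function render_input_fixed(string $query): string
{
    $safe = htmlspecialchars($query, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="q" value="' . $safe . '">';
}

// Constructed sample input containing a tag and quotes, standing in for a
// request parameter; it is not a real request.
$query = '<b>x</b> "q"';

echo render_search_vulnerable($query), "\n"; // tag reaches the browser intact
echo render_search_fixed($query), "\n";      // tag and quotes become entities
echo render_input_fixed($query), "\n";       // quotes cannot break out of value=""
```

Run it with `php example.php` and compare the three lines: only the first one contains a literal `<b>` tag for the browser to interpret.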
Scrutinizer also found other vulnerabilities that are still being fixed at the moment. We will share more once the security releases have been made, and users have had a chance to upgrade.
Happy & Secure Coding! :)