WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver. Juoko Pynnonen of Klikki Oy reported a new and unpatched stored cross-site scripting vulnerability in the platform; a similar bug was patched this week by WordPress developers, but only 14 months after it was reported.
Source : https://threatpost.com/details-on-wordpress-zero-day-disclosed/112435#sthash.JpLlNFjO.dpuf
Source : https://threatpost.com/details-on-wordpress-zero-day-disclosed/112435
Source : https://wpvulndb.com/vulnerabilities/7945 – The Fix