Wordfence, a WordPress security software company, published details about a vulnerability in popular WordPress SEO software SEOPress. Before making the announcement, WordFence communicated the details of the vulnerability to the publishers of SEOPress who promptly fixed the issue and published a patch to fix it.
According to WordFence:
“This flaw made it possible for an attacker to inject arbitrary web scripts on a vulnerable site which would execute anytime a user accessed the “All Posts” page.”
The United States government National Vulnerability Database website listed the Wordfence…