With the malicious code embedded into websites, the attacker can then piggyback on the trust level of the website and launch a variety of attacks.

The bugs include a reflected cross-site scripting glitch and a cross-site request forgery vulnerability.

Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin.

IBM fixed a cross-site scripting vulnerability in its Worklight and MobileFirst products that could have let an attacker steal sensitive information.

Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user’s session.

Adobe released an important security hotfix for several versions of Coldfusion, resolving two bugs, Tuesday morning.

Siemens line RUGGEDCOM NMS products suffers from vulnerabilities that could allow an attacker to perform administrative actions.

WordPress fixed three security issues, including a XSS and SQL injection, with WordPress 4.7.2 this week.

A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.

Researchers found a third of the top WordPress e-commerce plugins contain severe vulnerabilities tied to XSS cross-site scripting, SQL injection and file manipulation flaws.