Wordpress Comments XSS Exploit

A cross-site scripting vulnerability exists in the comments rendering in Wordpress 4.1.1 and previous versions. This exploit abuses a persistent cross site scripting vulnerability in Wordpress to install an OS Agent in the server running the Wordpress installation. This update includes a module that posts a comment with the cross site scripting code as a comment in a Wordpress post. The javascript code will attempt to install a Wordpress plugin everytime the post comment is rendered. The plugin will in turn install an OS agent in the server running Wordpress. This update adds the option to use the module in a verification mode, so a comment can be posted to verify if it would be moderated with the current webapps scenario in use.
Platform: 
Vulnerabilty ID: 
NOCVE-9999-71907
Product Version: 
2014_R2
Released Date: 
Tuesday, May 12, 2015 - 00:00