We have run an exclusive test on various sites and found an XSS bug on WordPress 4.6.1, which also means earlier versions of WordPress websites can be hacked. You can refer OpenBugBounty to see if your website is under threat.
Hackers can take advantage of this vulnerability and easily embed harmful codes into your website’s post title or comment cell. They are on the lookout for easy targets to obtain users’ personal information and database.
There are only two ways to avoid this persistent flaw. The first one is to disable your comment function. The other one is to use our newly-built plugin, a better way to prevent Cross-site scripting attacks. We are trying to help WordPress community and decide to release this for free – NinjaTeam WP XSS Patch.
Scan your web applications and beat them to it with NinjaTeam WP XSS Patch.
Tested and recommended!