- The attackers can conduct cross-site scripting attacks via unspecified vectors, because of wp-includes/formatting.php in attempts to enable clickable links inside attributes.
- Update WordPress.
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
- Name CVE-2012-2403
Fixed In 3.3.2
- Disclosure date