WordPress <= 4.4.1

Back

WordPress <= 4.4.1 - XSS

Product: WordPress
Description: WordPress before 4.4.1 is prone to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary script or HTML in the network settings page.
Solution: Update WordPress to 4.5.
Classification: Type XSS (Cross Site Scripting)
References: CVE Mitre
SecurityFocus
CVE: Name CVE-2016-6634
Versions: Affected In <= 4.4.1
Fixed In 4.5
Disclosure date: 2016-04-12
Credits: Emanuel Bronshtein (@e3amn2l)