ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 4.4.1 - XSS

Product
WordPress
Description
WordPress before 4.4.1 is prone to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary script or HTML in the network settings page.
Solution
Update WordPress to 4.5.
Classification
Type XSS (Cross Site Scripting)
References
CVE Mitre
SecurityFocus
CVE
Name CVE-2016-6634
Versions
Affected In <= 4.4.1
Fixed In 4.5
Disclosure date
2016-04-12
Credits
Emanuel Bronshtein (@e3amn2l)