ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (plugin editor)

Product
WordPress
Description
Cross-Site Scripting (XSS) vulnerability found by Chen Ruiqi in WordPress (plugin editor) version 4.8.1 and earlier versions.
Solution
Update the WordPress to the latest available version (at least 4.8.2).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
WordPress 4.8.2 Security release page
CVE
Name CVE-N/A
Versions
Affected In <=4.8.1
Fixed In 4.8.2
Disclosure date
2017-09-19
Credits
Chen Ruiqi
Submitter
ThreatPress