ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (template names)

Product
WordPress
Description
Cross-Site Scripting (XSS) vulnerability found by Luka (sikic) in WordPress (template names) version 4.8.1 and earlier versions.
Solution
Update the WordPress to the latest available version (at least 4.8.2).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
WordPress 4.8.2 Security release page
CVE
Name CVE-N/A
Versions
Affected In <=4.8.1
Fixed In 4.8.2
Disclosure date
2017-09-19
Credits
Luka (sikic)
Submitter
ThreatPress