ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (visual editor)

Product
WordPress
Description
Cross-Site Scripting (XSS) vulnerability found by Rodolfo Assis in WordPress (visual editor) version 4.8.1 and earlier versions.
Solution
Update the WordPress to the latest available version (at least 4.8.2).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
WordPress 4.8.2 Security release page
CVE
Name CVE-N/A
Versions
Affected In <=4.8.1
Fixed In 4.8.2
Disclosure date
2017-09-19
Credits
Rodolfo Assis
Submitter
ThreatPress