ThreatPress

WordPress Vulnerabilities Database

Back

WordPress 3.7-4.9.1 - Cross-Site Scripting vulnerability

Product
WordPress
Description
Cross-Site Scripting vulnerability found in WordPress 3.7-4.9.1 versions in the Flash fallback files in MediaElement, a library that is included with WordPress.
Solution
Update your Wordpress to the latest available version (at least 4.9.2).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
WordPress version log
CVE
Name CVE-N/A
Versions
Affected In <=4.9.1
Fixed In 4.9.2
Disclosure date
2018-01-17
Submitter
ThreatPress