WordPress MU Multiple XSS Vulnerabilities - Oct08

Summary
The host is running WordPress MU, which is prone to Multiple XSS Vulnerabilities.
Impact
Successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site and attackers can steal cookie-based authentication credentials. Impact Level: Application
Solution
Update to Version 2.6 or later. http://wordpress.org/
Insight
The flaws are due to the 's' and 'ip_address' parameters in wp-admin/wp-blogs.php which is not properly sanitized before being returned to the user.
Affected
WordPress MU before 2.6 on all running platform.
References

Updated on 2017-03-28