Description

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Remediation

References

CVE-2012-2403

Related Vulnerabilities

WordPress Plugin WP Activity Log SQL Injection (4.1.4)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Privilege Escalation (2.0.50)

MySQL CVE-2021-2169 Vulnerability (CVE-2021-2169)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20418)

WordPress Plugin Video Gallery /w YouTube, Vimeo Multiple Vulnerabilities (8.80)

Severity

Medium

Classification

CVE-2012-2403 CWE-707

Tags

Missing Update Known Vulnerabilities