Description

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.

Remediation

References

CVE-2013-2201

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-0217)

WordPress Plugin dsSearchAgent:WordPress Edition Cross-Site Scripting (1.0-beta10)

WordPress Plugin AccessPress Custom Post Type includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)

Severity

Medium

Classification

CVE-2013-2201 CWE-707

Tags

Missing Update Known Vulnerabilities