Description
Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.
Remediation
References
Related Vulnerabilities
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5501)
WordPress Plugin Lana Email Logger Cross-Site Scripting (1.0.2)
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.2.2)
WordPress Plugin FAQ Multiple Cross-Site Scripting Vulnerabilities (1.0.14)
WordPress Plugin Service Area Postcode Checker Cross-Site Scripting (2.0.8)