Description
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2010-1452)
WordPress Plugin Protected Posts Logout Button Security Bypass (1.4.5)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35615)
WordPress Plugin Chronoforms Cross-Site Request Forgery (7.0.9)
WordPress Plugin Spotlight Social Feeds [Block, Shortcode, and Widget] Cross-Site Scripting (1.4.2)