Description

WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.

Remediation

References

CVE-2019-17672

Related Vulnerabilities

WordPress Plugin Simple Slide Show TimThumb Arbitrary File Upload (1.0)

WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)

WordPress Plugin WP Image Zoom Denial of Service (1.23)

WordPress Plugin One Click Upsell Funnel for WooCommerce Unspecified Vulnerability (2.0.0)

Lighttpd Other Vulnerability (CVE-2006-0814)

Severity

Medium

Classification

CVE-2019-17672 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities