Description
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.
Remediation
References
Related Vulnerabilities
WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.18)
WordPress Plugin WP Spell Check Cross-Site Scripting (9.2)
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-23798)
WordPress Plugin Popup Anything-A Marketing Popup Cross-Site Scripting (2.0.3)
WordPress Plugin Currency Switcher for WooCommerce Security Bypass (2.11.1)