Description
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
Remediation
References
Related Vulnerabilities
Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)
WordPress 4.7.x Possible SQL Injection Vulnerability (4.7 - 4.7.6)
WordPress Plugin Remove Schema Cross-Site Request Forgery (1.4)
WordPress Plugin Shopp Arbitrary File Upload (1.4)
WordPress Plugin Falang multilanguage for WordPress Cross-Site Scripting (1.3.17)