Description
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Animate It! Cross-Site Request Forgery (2.3.5)
Apache Tomcat Improper Locking Vulnerability (CVE-2019-10072)
WordPress Plugin GEO my WordPress Unspecified Vulnerability (2.6.1.1)
MySQL CVE-2022-21287 Vulnerability (CVE-2022-21287)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-9858)