Description
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
Related Vulnerabilities
qdPM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-26165)
WordPress Plugin Symbiostock-Sell Photos Online For Free! Arbitrary File Upload (6.0.0)
PHP Improper Input Validation Vulnerability (CVE-2007-4840)
WordPress Plugin Header Footer Code Manager Cross-Site Scripting (1.1.16)
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980)