Description

Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.

Remediation

References

CVE-2015-5733

Related Vulnerabilities

Joomla! Core 3.x.x Multiple Vulnerabilities (3.0.0 - 3.6.4)

WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool Unspecified Vulnerability (1.12.22)

WordPress Plugin Premmerce Variation Swatches for WooCommerce Security Bypass (1.0)

Zenphoto Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-0993)

WordPress Plugin BuddyPress Multiple Security Bypass Vulnerabilities (7.2.1)

Severity

Medium

Classification

CVE-2015-5733 CWE-707

Tags

Missing Update Known Vulnerabilities