Description
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.
Remediation
References
Related Vulnerabilities
Drupal CVE-2014-9016 Vulnerability (CVE-2014-9016)
Apache HTTP Server Other Vulnerability (CVE-2002-0661)
WordPress Plugin Video.js-HTML5 Video Player for Wordpress Cross-Site Scripting (4.5.0)
MySQL CVE-2020-14702 Vulnerability (CVE-2020-14702)
WordPress Plugin Easy Comment Uploads 'upload.php' Arbitrary File Upload (0.61)