Description
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.
Remediation
References
Related Vulnerabilities
WordPress Plugin Really Simple Guest Post Local File Inclusion (1.0.6)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14820)
PostgreSQL Untrusted Search Path Vulnerability (CVE-2020-10733)
WordPress Plugin Global Flash Galleries Cross-Site Scripting (0.13.4)
WordPress Plugin OdiHost Newsletter 'openstat.php' SQL Injection (1.0)