Description
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.
Remediation
References
Related Vulnerabilities
phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-1941)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-2160)
Contao Improper Privilege Management Vulnerability (CVE-2021-37627)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-67639)
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-43438)