Description
wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.
Remediation
References