Description
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.
Related Vulnerabilities
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-16107)
WordPress Plugin InfiniteWP Client Security Bypass (1.9.4.4)
WordPress Plugin Download Manager Directory Traversal (3.2.54)
WordPress Plugin Parsian Bank Woocommerce Cross-Site Scripting (1.0)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5715)