Description
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.
Remediation
References