Description
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
Remediation
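The bug class named in the description, shown as an added example (constructed code, not the AndyBlue theme's `searchform.php` and not a vendor patch): a search form that writes `PHP_SELF` into its `action` attribute unescaped, beside two hardened forms. The function names, the `$server` parameter and the sample path are assumptions made for illustration.

```php
<?php
// Constructed example; not code from the AndyBlue theme.

// Vulnerable pattern: PHP_SELF includes any path info the client appended
// after index.php, and it is written into the attribute without encoding.
function render_search_form_vulnerable(array $server): string
{
    return '<form method="get" action="' . $server['PHP_SELF'] . '">'
         . '<input type="text" name="s"></form>';
}

// Hardened pattern 1: encode for the HTML attribute context before output.
function render_search_form_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="get" action="' . $action . '">'
         . '<input type="text" name="s"></form>';
}

// Hardened pattern 2 (preferred): do not reflect request data at all.
// In a WordPress theme the usual form is esc_url( home_url( '/' ) ).
function render_search_form_fixed(string $siteUrl): string
{
    $action = htmlspecialchars($siteUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="get" action="' . $action . '">'
         . '<input type="text" name="s"></form>';
}

// Constructed sample request: harmless markup appended after index.php.
$server = ['PHP_SELF' => '/index.php/"><i>injected</i>'];

// True when the appended markup reaches the page as live HTML.
function breaks_out_of_attribute(string $html): bool
{
    return strpos($html, '"><i>') !== false;
}

$results = [
    'vulnerable' => breaks_out_of_attribute(render_search_form_vulnerable($server)),
    'escaped'    => breaks_out_of_attribute(render_search_form_escaped($server)),
    'fixed'      => breaks_out_of_attribute(render_search_form_fixed('https://blog.example/')),
];

foreach ($results as $name => $broken) {
    echo str_pad($name, 12) . ($broken ? "markup injected\n" : "attribute intact\n");
}
```

When auditing other themes for the same pattern, search the templates for `PHP_SELF` and `REQUEST_URI` echoed without an escaping call.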
References
Related Vulnerabilities
WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)
PHP Improper Input Validation Vulnerability (CVE-2017-7189)
WordPress Plugin uCan Post Multiple HTML Injection Vulnerabilities (1.0.09)
W3 Total Cache CVE-2019-6715 Vulnerability (CVE-2019-6715)
WordPress Plugin Custom Post Type UI Cross-Site Request Forgery (1.7.3)