Description
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
Remediation
References