Description
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
Remediation
References
Related Vulnerabilities
XWikiplatform Missing Authorization Vulnerability (CVE-2024-55876)
WordPress Plugin Dtracker Multiple Vulnerabilities (1.5)
MySQL CVE-2018-3173 Vulnerability (CVE-2018-3173)
WordPress Plugin Booster for WooCommerce Multiple Vulnerabilities (5.6.6)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-15132)