Description
Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.
Remediation
References
Related Vulnerabilities
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000353)
WordPress Plugin Custom css-js-php Cross-Site Request Forgery (2.0.7)
WordPress Plugin Users Ultra Membership Cross-Site Scripting (1.5.78)
WordPress Plugin Display Users SQL Injection (2.0.0)
WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Scripting (3.0.9)