Description
Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
Remediation
References
Related Vulnerabilities
WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7871)
phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16108)
WordPress Plugin Article Directory Redux Cross-Site Scripting (1.0.2)