Vulnerabilities

CVE-2014-5240

by Fred · 18/08/2014

Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.

Date published : 2014-08-18

https://core.trac.wordpress.org/changeset/29398

WordPress 3.9.2 Security Release

Similar

Tags: Cybersecurity Alert