WordPress column_title XSS Vulnerability (CVE-2016-5833)
Release date:
Updated on:
Affected Systems:
WordPress <= 4.5.2
Description:
CVE (CAN) ID: CVE-2016-5833
WordPress is a blog platform developed in PHP.
A cross-site scripting (XSS) vulnerability exists in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress versions earlier than 4.5.3. Attackers can inject arbitrary web script or HTML via a crafted attachment name.
<* Source: Jouko Pynnönen
Divyesh Prajapati
*>
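The flaw class described above, shown as an added example that is not WordPress source code or the 4.5.3 patch: a list-table cell that prints a stored attachment name unescaped, next to the same cell with output escaping. The function names, sample titles and markup template are hypothetical, and `htmlspecialchars()` stands in for WordPress's `esc_html()`/`esc_attr()`.

```php
<?php
// Added illustration; not WordPress source. Function names are hypothetical.

// Constructed sample attachment names, as they might be stored for media items.
$titles = [
    'holiday-photo',
    'Q2 "final" report',
    '<img src=x onerror=alert(1)>', // markup supplied as an attachment name
];

// Stand-in for WordPress's esc_html()/esc_attr(): escape <, >, &, " and '.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored name reaches the admin page unchanged,
// both inside an attribute value and as element text.
function title_cell_unescaped(string $title, int $id): string
{
    return '<strong><a href="post.php?post=' . $id . '&amp;action=edit" aria-label="Edit ' . $title . '">'
        . $title . '</a></strong>';
}

// Hardened pattern: escape at output time in every context the name lands in.
function title_cell_escaped(string $title, int $id): string
{
    return '<strong><a href="post.php?post=' . $id . '&amp;action=edit" aria-label="Edit ' . e($title) . '">'
        . e($title) . '</a></strong>';
}

// Regression check: a name containing HTML-significant characters must never
// appear verbatim in the rendered cell.
function reflects_raw(string $html, string $title): bool
{
    return e($title) !== $title && strpos($html, $title) !== false;
}

foreach ($titles as $i => $title) {
    $id = $i + 1;
    printf(
        "%-30s unescaped: %-9s escaped: %s\n",
        $title,
        reflects_raw(title_cell_unescaped($title, $id), $title) ? 'RAW' : 'ok',
        reflects_raw(title_cell_escaped($title, $id), $title) ? 'RAW' : 'ok'
    );
}
```

The quoted title matters as much as the tag: inside the `aria-label` attribute a bare `"` ends the value early, which is why the stand-in escapes quotes as well as angle brackets.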
Suggestion:
Vendor patch:
WordPress
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://codex.wordpress.org/Version_4.5.3
https://wordpress.org/news/2016/06/wordpress-4-5-3/