Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "4.3+dfsg-1", "binary_name": "wordpress" }, { "binary_version": "4.3+dfsg-1", "binary_name": "wordpress-l10n" }, { "binary_version": "4.3+dfsg-1", "binary_name": "wordpress-theme-twentyfifteen" }, { "binary_version": "4.3+dfsg-1", "binary_name": "wordpress-theme-twentyfourteen" }, { "binary_version": "4.3+dfsg-1", "binary_name": "wordpress-theme-twentythirteen" } ] }