WordPress 4.2-4.5.1 – MediaElement.js Reflected Cross-Site Scripting (XSS) | CVE 2016-4567

Affects WordPress

4.2

Fixed in WordPress 4.5.2

4.2.1

Fixed in WordPress 4.5.2

4.2.3

Fixed in WordPress 4.5.2

4.2.2

Fixed in WordPress 4.5.2

4.2.4

Fixed in WordPress 4.5.2

4.3

Fixed in WordPress 4.5.2

4.3.1

Fixed in WordPress 4.5.2

4.2.5

Fixed in WordPress 4.5.2

4.4

Fixed in WordPress 4.5.2

4.2.6

Fixed in WordPress 4.5.2

4.3.2

Fixed in WordPress 4.5.2

4.4.1

Fixed in WordPress 4.5.2

4.4.2

Fixed in WordPress 4.5.2

4.3.3

Fixed in WordPress 4.5.2

4.2.7

Fixed in WordPress 4.5.2

4.5

Fixed in WordPress 4.5.2

4.5.1

Fixed in WordPress 4.5.2

References

CVE

CVE-2016-4567

URL

https://wordpress.org/news/2016/05/wordpress-4-5-2/

URL

https://github.com/WordPress/WordPress/commit/a493dc0ab5819c8b831173185f1334b7c3e02e36

URL

https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

60556c39-6fe7-4b69-a614-16202ba588ad

Timeline

Publicly Published

2016-05-06 (about 8 years ago)

Added

2016-05-06 (about 8 years ago)

Last Updated

2020-09-22 (about 3 years ago)

Other

Published

Title

Published

2019-06-18

Title

Seo by Rank Math <= 1.0.26 - XSS Issues

Published

2014-08-01

Title

Keyring <= 1.5 - OAuth Example Page XSS

Published

2011-09-27

Title

Antisnews < 1.10 - XSS

Published

2014-10-07

Title

Titan Framework 1.0.1-1.5.2 - Reflected Cross-Site Scripting (XSS)

Published

2015-08-24

Title

FV Flowplayer Video Player <= 6.0.3.3 - Authenticated Stored Cross-Site Scripting (XSS)