Cross-site scripting (XSS) vulnerability in the theme...
Moderate severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Feb 3, 2023
Description
Published by the National Vulnerability Database
Jan 15, 2017
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Feb 3, 2023
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
References