Test ID:	1.3.6.1.4.1.25623.1.0.808036
Category:	Web application abuses
Title:	WordPress < 4.5.2 Multiple XSS Vulnerabilities (May 2016) - Windows
Summary:	WordPress is prone to multiple cross-site scripting (XSS); vulnerabilities in third-party libraries.
Description:	Summary: WordPress is prone to multiple cross-site scripting (XSS) vulnerabilities in third-party libraries. Vulnerability Insight: The following flaws in third-party libraries exist: - CVE-2016-4566: XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9 - CVE-2016-4567: XSS vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0 Vulnerability Impact: Successfully exploiting these issues allow remote attacker to execute arbitrary script code in a user's browser session within the trust relationship. Affected Software/OS: - CVE-2016-4566: Versions through 4.5.1 - CVE-2016-4567: Versions 4.2.x through 4.5.1 Solution: Update to version 4.5.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4566 https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e https://wpvulndb.com/vulnerabilities/8489 http://www.openwall.com/lists/oss-security/2016/05/07/2 http://www.securitytracker.com/id/1035818 Common Vulnerability Exposure (CVE) ID: CVE-2016-4567 https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c https://wpvulndb.com/vulnerabilities/8488
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.