John Dyer · Mediaelement · CVE-2018-5776
Name of the Vulnerable Software and Affected Versions:
WordPress versions prior to 4.9.2
Description:
The issue concerns a cross-site scripting (XSS) problem in the Flash fallback files in MediaElement, located under wp-includes/js/mediaelement.
Recommendations:
For WordPress versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue.