CVE-2014-9035

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 3.7.5 WordPress versions 3.8.x prior to 3.8.5 WordPress versions 3.9.x prior to 3.9.3 WordPress versions 4.x prior to 4.0.1

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This could potentially lead to unauthorized actions on behalf of the user.

Recommendations For WordPress versions prior to 3.7.5, update to version 3.7.5 or later. For WordPress versions 3.8.x prior to 3.8.5, update to version 3.8.5 or later. For WordPress versions 3.9.x prior to 3.9.3, update to version 3.9.3 or later. For WordPress versions 4.x prior to 4.0.1, update to version 4.0.1 or later.