CVE-2015-5732

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.2.4

Description A cross-site scripting (XSS) issue exists in the form function in the WP Nav Menu Widget class. This allows remote attackers to inject arbitrary web script or HTML via a widget title.

Recommendations For versions prior to 4.2.4, update to version 4.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the ability to edit widget titles to trusted users until the update is applied.