CVE-2016-5834

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.5.3

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is due to a vulnerability in the wp get attachment link function. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to upload attachments with crafted names until a patch is applied.