CVE-2017-5488

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.7.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the name or version header of a plugin in the wp-admin/update-core.php file.

Recommendations For versions prior to 4.7.1, update to version 4.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-admin/update-core.php file to minimize the risk of exploitation. Avoid using the name and version headers of plugins in the affected file until the issue is resolved.