CVE-2016-7168

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.6.1

Description A cross-site scripting (XSS) issue exists due to a vulnerability in the media handle upload function. This could allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file with a crafted filename.

Recommendations For versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting image uploads to trusted administrators only until the update is applied.