WordPress · WordPress · CVE-2016-9263
**Name of the Vulnerable Software and Affected Versions**
WordPress versions prior to 4.8.3
**Description**
The issue allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the `flashmediaelement.swf` file in `wp-includes/js/mediaelement/`, when domain-based sandboxing is not used.
**Recommendations**
For WordPress versions prior to 4.8.3, update to version 4.8.3 or later to resolve the issue.
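A check an administrator could run over an install root to apply the recommendation above, given here as an added example and not part of the original advisory. It assumes the core version is defined as `$wp_version` in `wp-includes/version.php`; the function names and status labels are this example's own, and the install trees in `demo()` are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (4, 8, 3)  # first fixed release according to the advisory
SWF_PATH = Path("wp-includes/js/mediaelement/flashmediaelement.swf")
VERSION_FILE = Path("wp-includes/version.php")  # where core defines $wp_version
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"](\d+(?:\.\d+)*)""", re.M)


def parse_version(text):
    """Return the numeric part of $wp_version as a 3-tuple, or None if absent."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))  # "4.8" -> (4, 8, 0)


def audit(root):
    """Classify one WordPress install root against the advisory."""
    root = Path(root)
    try:
        version = parse_version((root / VERSION_FILE).read_text(errors="replace"))
    except OSError:
        version = None
    swf_present = (root / SWF_PATH).is_file()
    if version is None:
        status = "unknown-version"  # cannot decide; inspect manually
    elif version >= FIXED_VERSION:
        status = "patched"
    else:
        status = "affected" if swf_present else "outdated-no-swf"
    return {"version": version, "swf_present": swf_present, "status": status}


def demo():
    """Run audit() over constructed install trees (sample data, not real sites)."""
    cases = {"old": ("4.8.2", True), "old_noswf": ("4.7", False), "fixed": ("4.8.3", True)}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (ver, swf) in cases.items():
            root = Path(tmp) / name
            (root / SWF_PATH).parent.mkdir(parents=True)
            (root / VERSION_FILE).write_text(f"<?php\n$wp_version = '{ver}';\n")
            if swf:
                (root / SWF_PATH).write_bytes(b"FWS")  # placeholder, not a real SWF
            results[name] = audit(root)["status"]
    return results
```

Call `audit("/path/to/site")` for each document root on a host; any result other than `patched` means the install still needs the update to 4.8.3 or later.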