CVE-2013-0236

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 3.5.1

Description The issue involves multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This can be achieved through vectors involving gallery shortcodes or the content of a post.

Recommendations For versions prior to 3.5.1, update to version 3.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of gallery shortcodes and limiting the ability to add arbitrary content to posts until the update is applied.