CVE-2013-2201

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 3.5.2

Description The issue allows remote attackers to inject arbitrary web script or HTML via several vectors, including uploads of media files, editing of media files, installation of plugins, updates to plugins, installation of themes, or updates to themes. This can be achieved through multiple cross-site scripting (XSS) vulnerabilities.

Recommendations For WordPress versions prior to 3.5.2, update to version 3.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the media file upload, editing, plugin installation, plugin update, theme installation, and theme update features until a patch is available.