CVE-2015-5733

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.2.4

Description A cross-site scripting (XSS) issue exists due to insufficient input validation in the refreshAdvancedAccessibilityOfItem function. This allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.

Recommendations For versions prior to 4.2.4, update to version 4.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the nav-menu.js file in wp-admin/js to minimize the risk of exploitation.