CVE-2016-5833

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.5.3

Description A cross-site scripting (XSS) issue exists due to insufficient input validation in the column title function. This allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name.

Recommendations For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-admin/includes/class-wp-media-list-table.php file until a patch is applied. Avoid using crafted attachment names in the affected function until the issue is resolved.