Cross-Domain Flash Injection Vulnerability in WordPress 4.8.2

Cross-Domain Flash Injection Vulnerability in WordPress 4.8.2

CVE-2016-9263 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.

Learn more about our Web Application Penetration Testing UK.