Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
Max CVSS
2.1
EPSS Score
0.09%
Published
2014-08-18
Updated
2015-11-25
1 vulnerabilities found