WordPress: MediaElements XSS

2017-12-18T18:51:37
ID H1:299112
Type hackerone
Reporter shay12tg
Modified 2018-02-15T23:14:12

Description

The reporter disclosed a reflected XSS vulnerability in MediaElement's Flash files, which are bundled in WordPress.

MediaElement and WordPress released versions 4.2.8 and 4.9.2, respectively, which resolve the issue.