WordPress <= 4.2.3 - XSS #2

This vulnerability exists in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in the “form” function. It allows remote attackers to inject arbitrary web script or HTML via a widget title.

Related records:

http://db.threatpress.com/vulnerability/wordpress/wordpress-4-2-3-xss

Solution

           Update WordPress.