WordPress <= 4.5.2 - XSS #2

WordPress 4.5.2 and previous versions are prone to a cross-site scripting vulnerability in the columntitle function in wp-admin/includes/class-wp-media-list-table.php. It allows an attacker to inject arbitrary web script or HTML via a crafted attachment name. Related:...