CVE-2014-4855

Polylang WordPress plugin (before 1.5.2) is affected by a stored XSS via the user description field. The vulnerability allows remote injection of script/HTML; affected component is the Polylang plugin for WordPress, prior to version 1.5.2. Remediation observed in sources is to update to 1.5.2 or ...