CVE-2016-7168 log

Source
Severity Medium
Remote Yes
Type Cross-site scripting
Description
A cross-site scripting vulnerability has been discovered via a malicious image filename, reported by SumOfPwn researcher Cengiz Han Sahin. A WordPress admin can be tricked into uploading a malicious image file requested by a user this admin trusts or a popular malicious image that was spread via social media.
Group Package Affected Fixed Severity Status Ticket
AVG-39 wordpress 4.6.0-1 4.6.1-1 High Fixed
Date Advisory Group Package Severity Description
30 Sep 2016 ASA-201609-32 AVG-39 wordpress High multiple issues
References
http://www.openwall.com/lists/oss-security/2016/09/08/24