CVE-2016-7168 log

Severity Medium
Remote Yes
Type Cross-site scripting
A cross-site scripting vulnerability has been discovered via a malicious image filename, reported by SumOfPwn researcher Cengiz Han Sahin. A WordPress admin can be tricked into uploading a malicious image file requested by a user this admin trusts or a popular malicious image that was spread via social media.
Group Package Affected Fixed Severity Status Ticket
AVG-39 wordpress 4.6.0-1 4.6.1-1 High Fixed
Date Advisory Group Package Severity Type
30 Sep 2016 ASA-201609-32 AVG-39 wordpress High multiple issues