EPSS percentile: 36.4%
This vulnerability is in wp-includes/pluggable.php. It allows remote authenticated administrators to inject arbitrary web script or HTML, and to obtain Super Admin privileges, via a crafted avatar URL.
Update WordPress.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240