0.013 Low
EPSS
Percentile
86.1%
This vulnerability exists in the Legacy theme preview implementation in wp-includes/theme.php. It allows an attacker to inject arbitrary HTML or web script via a crafted string.
Update the theme.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5734