WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).

According to its self-reported version number, the detected WordPress application is affected by a cross-site scripting vulnerability in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.9.2.
It is, therefore, affected by a cross-site scripting vulnerability.

ID	Name	Product	Family	Severity
98343	WordPress 3.7.x < 3.7.25 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98342	WordPress 3.8.x < 3.8.25 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98341	WordPress 3.9.x < 3.9.23 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98340	WordPress 4.0.x < 4.0.22 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98339	WordPress 4.1.x < 4.1.22 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98338	WordPress 4.2.x < 4.2.19 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98337	WordPress 4.3.x < 4.3.15 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98336	WordPress 4.4.x < 4.4.14 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98335	WordPress 4.5.x < 4.5.13 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98334	WordPress 4.6.x < 4.6.10 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98333	WordPress 4.7.x < 4.7.9 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98332	WordPress 4.8.x < 4.8.5 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
98331	WordPress 4.9.x < 4.9.2 MediaElement.js Flash Fallback XSS	Web App Scanning	Component Vulnerability	medium
106304	WordPress < 4.9.2 MediaElement.js Flash Fallback XSS	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2018-5776

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium