Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.
XSS
WordPress
PHP
Debian Linux
NVD
CVSS 2.0
2.1
EPSS
0.6%