Cross-site scripting vulnerability inwp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary webscript or HTML via a crafted excerpt.