CVE-2015-3440
published 2015-08-03

Priority: P272 (medium)
CVSS 2.0: 4.3 (medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit status: exploited in the wild (ITW exploit; listed in VulnCheck KEV)
EPSS: 17.95% (96.8th percentile)
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.

Affected (14 ranges)

Vendor     | Product       | Version range                      | Fixed in
debian     | debian_linux  |                                    |
debian     | debian_linux  |                                    |
debian     | wordpress     | < wordpress 4.2.2+dfsg-1 (bookworm) | wordpress 4.2.2+dfsg-1 (bookworm)
debian     | wordpress     | < wordpress 4.2.1+dfsg-1 (bookworm) | wordpress 4.2.1+dfsg-1 (bookworm)
wordpress  | wordpress     | <= 4.2.1                           |
wordpress  | wordpress     | <= 4.2                             |
wordpress  | wordpress     | >= 0, < 4.2.2+dfsg-1               | 4.2.2+dfsg-1
wordpress  | wordpress     | >= 0, < 4.2.1+dfsg-1               | 4.2.1+dfsg-1
wordpress  | wordpress     | >= 0, < 4.2.2+dfsg-1               | 4.2.2+dfsg-1
wordpress  | wordpress     | >= 0, < 4.2.1+dfsg-1               | 4.2.1+dfsg-1
wordpress  | wordpress     | >= 0, < 4.2.2+dfsg-1               | 4.2.2+dfsg-1
wordpress  | wordpress     | >= 0, < 4.2.1+dfsg-1               | 4.2.1+dfsg-1
wordpress  | wordpress     | >= 0, < 4.2.2+dfsg-1               | 4.2.2+dfsg-1
wordpress  | wordpress     | >= 0, < 4.2.1+dfsg-1               | 4.2.1+dfsg-1

Detection & IOCs (extracted from sources)

path: wp-includes/wp-db.php
  • Detect oversized WordPress comment submissions: HTTP POST bodies to the comment endpoint whose comment_content field approaches or exceeds 65,535 bytes (the capacity of a MySQL TEXT column) should be flagged as potential CVE-2015-3440 exploitation attempts.
  • Look for malformed HTML in rendered WordPress comment output, specifically unclosed tags or attributes cut off mid-value. That damage is what a TEXT column's truncation of an oversized comment leaves behind, and it is the mechanism that turns input which passed sanitisation into injectable markup.
  • Attackers may bypass comment moderation by first posting a benign comment to gain approval, then submitting the malicious oversized payload. Correlate approved-commenter accounts with subsequent large comment submissions.
  • CVE-2015-3440 was only partially fixed in WordPress 4.2.1; the incomplete patch left a residual variant (CVE-2015-8834) that was not fully resolved until WordPress 4.2.2. Ensure the patched version is 4.2.2 or later, not merely 4.2.1.
  • The vulnerability is confirmed across multiple WordPress versions (4.2, 4.1.2, 4.1.1, 3.9.3) and multiple MySQL versions (5.1.53, 5.5.41), so version-based filtering of affected hosts must account for this broad range.
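The three detection ideas above (submission-size check, render-time check for truncated markup, and approved-commenter correlation) together with the storage-side guard, as an added Python example. This is not code from WordPress or wp-db.php. The POST bodies and the comment log are constructed for the example; the field names comment_content and author mirror the WordPress comment form, while the (seq, author, size, approved) log shape, the FLAG_THRESHOLD value and all helper names are this example's own assumptions.

```python
"""Detection and storage-side checks for CVE-2015-3440-style oversized comments.

Added example, not code from WordPress or wp-db.php. The POST bodies and the
comment log are constructed here; comment_content and author mirror the
WordPress comment form, while the (seq, author, size, approved) log shape,
FLAG_THRESHOLD and the helper names are this example's own assumptions.
"""
from urllib.parse import parse_qs, quote

MYSQL_TEXT_MAX = 65535        # byte capacity of a MySQL TEXT column
FLAG_THRESHOLD = 60 * 1024    # assumed alert threshold: anything approaching the limit


def mysql_text_truncate(value: str) -> str:
    """Simulate a MySQL server (not in strict mode) silently cutting a TEXT
    value at 65,535 bytes instead of rejecting the INSERT."""
    return value.encode("utf-8")[:MYSQL_TEXT_MAX].decode("utf-8", "ignore")


def comment_bytes(post_body: str) -> int:
    """Byte length of comment_content in a form-encoded comment POST body."""
    fields = parse_qs(post_body, keep_blank_values=True)
    return len(fields.get("comment_content", [""])[0].encode("utf-8"))


def is_oversized(post_body: str) -> bool:
    """Submission-time check: flag comment bodies approaching the TEXT limit."""
    return comment_bytes(post_body) >= FLAG_THRESHOLD


def ends_inside_tag(html: str) -> bool:
    """Render-time check: the stored HTML ends inside an unclosed tag (a '<'
    with no later '>'), the shape left by a value cut mid-attribute."""
    lt = html.rfind("<")
    return lt != -1 and ">" not in html[lt:]


def reject_if_too_long(value: str) -> str:
    """Storage-side guard: refuse a value that cannot fit the column rather
    than letting the database truncate it (the class of check the 4.2.x
    releases added on the WordPress side)."""
    if len(value.encode("utf-8")) > MYSQL_TEXT_MAX:
        raise ValueError("comment exceeds TEXT column capacity")
    return value


def suspicious_authors(events):
    """Authors who had a comment approved and afterwards submitted an oversized
    one. events: (seq, author, size_bytes, approved) tuples in time order."""
    approved, flagged = set(), []
    for _, author, size, was_approved in events:
        if author in approved and size >= FLAG_THRESHOLD and author not in flagged:
            flagged.append(author)
        if was_approved:
            approved.add(author)
    return flagged


# Constructed sample input. The oversized comment is padding only, no payload:
# the point is that its closing quote and '>' lie past the 65,535-byte cut.
OVERSIZED_HTML = "<a title='" + "A" * 66000 + "'>x</a>"
BENIGN_POST = "comment_post_ID=1&author=alice&comment_content=Nice+post"
OVERSIZED_POST = "comment_post_ID=1&author=mallory&comment_content=" + quote(OVERSIZED_HTML)
COMMENT_LOG = [                    # (seq, author, size_bytes, approved)
    (1, "alice", 9, True),
    (2, "mallory", 20, True),      # benign comment approved first
    (3, "mallory", 66017, False),  # then the oversized one
    (4, "bob", 66017, False),      # never approved, so not correlated
]

if __name__ == "__main__":
    stored = mysql_text_truncate(OVERSIZED_HTML)
    print("benign oversized?", is_oversized(BENIGN_POST))
    print("payload oversized?", is_oversized(OVERSIZED_POST), comment_bytes(OVERSIZED_POST), "bytes")
    print("stored length", len(stored), "ends inside tag?", ends_inside_tag(stored))
    print("suspicious authors", suspicious_authors(COMMENT_LOG))
```

Two caveats when turning this into a real rule. If the database runs with a strict SQL mode, an oversized INSERT fails with an error instead of being truncated, so the render-time check never fires and only the submission-size check catches the attempt. And the 60 KB threshold is a choice made here to catch near-limit submissions; legitimate comments of that size are rare, but tune it to the site rather than treating it as part of the CVE.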

CVSS provenance

nvd: CVSS 2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
osv: 4.3 MEDIUM
vulncheck: 4.3 MEDIUM
vendor_debian: 4.3 MEDIUM