CVE-2015-5714 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting12 documents6 sources

Severity

6.1MEDIUMNVD

NVD5.4

EPSS

30.6%

top 3.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedMay 22

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 4.3.1+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.3.1+dfsg-1+3

▶NVDwordpress/wordpress4.3.0

Patches

Patch: codex.wordpress.org ↗Patch: wordpress.org ↗Patch: codex.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-92h3-fjv6-rmmc: Cross-site scripting (XSS) vulnerability in WordPress before 4↗2022-05-17

▶

GHSA

GHSA-2v2w-x4hx-4vf7: Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4↗2022-05-17

▶

OSV

CVE-2015-7989: Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4↗2016-05-22

▶

OSV

CVE-2015-5714: Cross-site scripting (XSS) vulnerability in WordPress before 4↗2016-05-22

▶

📋Vendor Advisories

WordPress

WordPress 4.3.1 Security and Maintenance Release↗2015-09-15

▶

Debian

CVE-2015-7989: wordpress - Cross-site scripting (XSS) vulnerability in the user list table in WordPress bef...↗2015

▶

Debian

CVE-2015-5714: wordpress - Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote...↗2015

▶

💬Community

Bugzilla

CVE-2015-5714 CVE-2015-5715 CVE-2015-7989 wordpress: XSS and permission issue fixed in wordpress 4.3.1 [fedora-all]↗2015-09-16

▶

Bugzilla

CVE-2015-5714 CVE-2015-5715 CVE-2015-7989 wordpress: XSS and permission issue fixed in wordpress 4.3.1 [epel-all]↗2015-09-16

▶

Bugzilla

CVE-2015-5714 CVE-2015-5715 CVE-2015-7989 wordpress: XSS and permission issue fixed in wordpress 4.3.1↗2015-09-16

▶