CVE-2016-5834 — Cross-site Scripting in Wordpress
Severity
6.1MEDIUMNVD
EPSS
1.2%
top 20.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 29
Latest updateMay 17
Description
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages3 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-pj25-83q9-ppf3: Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template↗2022-05-17
GHSA▶
GHSA-6r5w-j94p-fpmf: Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table↗2022-05-17
OSV▶
CVE-2016-5833: Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table↗2016-06-29
OSV▶
CVE-2016-5834: Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template↗2016-06-29
📋Vendor Advisories
2💬Community
3Bugzilla▶
CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release↗2016-06-23
Bugzilla▶
CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release [fedora-all]↗2016-06-23
Bugzilla▶
CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release [epel-all]↗2016-06-23