Lucene search
GoogleOSV:DSA-3328-1HistoryAug 04, 2015 - 12:00 a.m.
wordpress - security update
2015-08-0400:00:00
Google
osv.dev
6
0.004 Low
EPSS
Percentile
74.9%
Several vulnerabilities have been found in Wordpress, the popular
blogging engine.
- CVE-2015-3429
The file example.html in the Genericicons icon font package and
twentyfifteen Wordpress theme allowed for cross site scripting. - CVE-2015-5622
The robustness of the shortcodes HTML tags filter has been
improved. The parsing is a bit more strict, which may affect
your installation. - CVE-2015-5623
A cross site scripting vulnerability allowed users with the
Contributor or Author role to elevate their privileges.
The oldstable distribution (wheezy) is only affected by CVE-2015-5622.
This less critical issue will be fixed at a later time.
For the stable distribution (jessie), these problems have been fixed in
version 4.1+dfsg-1+deb8u2.
For the unstable distribution (sid), these problems have been fixed in
version 4.2.3+dfsg-1.
We recommend that you upgrade your wordpress packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress | eq | 4.1+dfsg-1 | |
| wordpress | eq | 4.1+dfsg-1+deb8u1 |
References
Related
nessus
nessus
Debian DSA-3328-1 : wordpress - security update
2015-08-13 00:00:00
WordPress < 3.7.9 / 3.8.9 / 3.9.7 / 4.1.6 / 4.2.3 Multiple Vulnerabilities
2015-07-29 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3328-1)
2015-08-03 00:00:00
Debian Security Advisory DSA 3328-1 (wordpress - security update)
2015-08-04 00:00:00
Mageia: Security Advisory (MGASA-2015-0290)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DSA 3328-1] wordpress security update
2015-08-04 06:51:55
[SECURITY] [DSA 3328-2] wordpress regression update
2015-08-04 15:36:24
[SECURITY] [DSA 3332-2] wordpress regression update
2015-10-29 18:58:02
securityvulns
securityvulns
[SECURITY] [DSA 3328-1] wordpress security update
2015-08-24 00:00:00
Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429
2015-05-11 00:00:00
freebsd
freebsd
wordpress -- XSS vulnerability
2015-07-23 00:00:00
wpvulndb
wpvulndb
WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
2015-07-23 00:00:00
Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)
2015-05-06 00:00:00
wpexploit
wpexploit
WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
2015-07-23 00:00:00
Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)
2015-05-06 00:00:00
mageia
mageia
Updated wordpress package fixes security vulnerabilities
2015-07-27 21:54:19
ubuntucve
ubuntucve
veracode
veracode
Bypass Access Restrictions
2017-07-28 10:45:49
prion
prion
Design/Logic Flaw
2015-08-03 14:59:00
Cross site scripting
2015-08-03 14:59:00
Cross site scripting
2015-06-17 18:59:00
cvelist
cvelist
hackerone
hackerone
Automattic: [bbPress] Stored XSS in any forum post.
2016-07-13 12:38:02
patchstack
patchstack
WordPress <= 4.2.2 - XSS
2015-07-23 00:00:00
WordPress Genericons Plugin <= 4.2.1 - XSS
2015-04-27 00:00:00
cve
cve
nvd
nvd
debiancve
debiancve
checkpoint_advisories
checkpoint_advisories
WordPress Genericons Cross-Site Scripting (CVE-2015-3429)
2016-03-10 00:00:00
WordPress post Request Privilege Escalation (CVE-2015-2212; CVE-2015-5623)
2015-07-28 00:00:00
thn
thn
WordPress Vulnerability Puts Millions of Websites At Risk
2015-05-06 23:58:00
packetstorm
packetstorm
WordPress Twenty Fifteen 4.2.1 Cross Site Scripting
2015-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: wordpress-4.2.4-1.fc22
2015-08-13 16:57:53
[SECURITY] Fedora 21 Update: wordpress-4.2.4-1.fc21
2015-08-13 16:54:48
osv
osv
wordpress - security update
2015-08-19 00:00:00
wordpress - security update
2015-08-11 00:00:00
wordpress - regression update
2015-08-11 00:00:00