Lucene search
Veracode Vulnerability DatabaseVERACODE:4772HistoryJul 28, 2017 - 3:59 a.m.
Cross-Site Scripting (XSS)
2017-07-2803:59:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
0.013 Low
EPSS
Percentile
86.1%
WordPress is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary webscript through the legacy theme preview implementation in wp-includes/theme.php by passing a string to it.
References
openwall.com/lists/oss-security/2015/08/04/7
www.debian.org/security/2015/dsa-3332
www.debian.org/security/2015/dsa-3383
www.securityfocus.com/bid/76331
www.securitytracker.com/id/1033178
blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
codex.wordpress.org/Version_4.2.4
core.trac.wordpress.org/changeset/33549
wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/
wpvulndb.com/vulnerabilities/8133
Related
patchstack
patchstack
WordPress Legacy Theme <= 4.2.3 - XSS
2015-08-04 00:00:00
wpvulndb
wpvulndb
WordPress <= 4.2.3 - Legacy Theme Preview Cross-Site Scripting (XSS)
2015-08-05 00:00:00
debiancve
debiancve
CVE-2015-5734
2015-11-09 11:59:06
cve
cve
CVE-2015-5734
2015-11-09 11:59:06
ubuntucve
ubuntucve
CVE-2015-5734
2015-11-09 00:00:00
cvelist
cvelist
CVE-2015-5734
2015-11-09 11:00:00
nvd
nvd
CVE-2015-5734
2015-11-09 11:59:06
prion
prion
Cross site scripting
2015-11-09 11:59:00
debian
debian
[SECURITY] [DLA 294-1] wordpress security update
2015-08-19 12:58:59
[SECURITY] [DSA 3332-1] wordpress security update
2015-08-11 19:55:16
[SECURITY] [DSA 3383-1] wordpress security update
2015-10-29 20:02:31
fedora
fedora
[SECURITY] Fedora 23 Update: wordpress-4.2.4-1.fc23
2015-08-10 10:04:17
[SECURITY] Fedora 22 Update: wordpress-4.2.4-1.fc22
2015-08-13 16:57:53
[SECURITY] Fedora 21 Update: wordpress-4.2.4-1.fc21
2015-08-13 16:54:48
nessus
nessus
Debian DLA-294-1 : wordpress security update
2015-08-20 00:00:00
WordPress < 4.2.4 Multiple Vulnerabilities
2015-12-17 00:00:00
Fedora 23 : wordpress-4.2.4-1.fc23 (2015-12750)
2015-08-11 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-294-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2015-0309)
2022-01-28 00:00:00
WordPress Multiple Vulnerabilities (Dec 2015) - Linux
2015-12-15 00:00:00
osv
osv
wordpress - security update
2015-08-19 00:00:00
wordpress - security update
2015-08-11 00:00:00
wordpress - regression update
2015-08-11 00:00:00
archlinux
archlinux
wordpress: multiple issues
2015-08-07 00:00:00
freebsd
freebsd
wordpress -- Multiple vulnerability
2015-08-04 00:00:00
mageia
mageia
Updated wordpress package fixes security vulnerability
2015-08-10 17:31:41
securityvulns
securityvulns
WiFi Pineapple protection bypass
2015-08-24 00:00:00
[SECURITY] [DSA 3332-1] wordpress security update
2015-08-24 00:00:00