2.1
CVSSv2

CVE-2014-5240

Published: 18/08/2014 Updated: 25/11/2015
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress prior to 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress 3.0.5

wordpress wordpress 3.0.6

wordpress wordpress 3.1

wordpress wordpress 3.1.1

wordpress wordpress 3.5.0

wordpress wordpress 3.5.1

wordpress wordpress 3.6

wordpress wordpress 3.6.1

wordpress wordpress 3.0.1

wordpress wordpress 3.0.3

wordpress wordpress 3.1.3

wordpress wordpress 3.2

wordpress wordpress 3.4.0

wordpress wordpress 3.7

wordpress wordpress 3.0.2

wordpress wordpress 3.2.1

wordpress wordpress 3.1.4

wordpress wordpress 3.0

wordpress wordpress 3.3.3

wordpress wordpress

wordpress wordpress 3.9.0

wordpress wordpress 3.7.1

wordpress wordpress 3.0.4

wordpress wordpress 3.3.2

wordpress wordpress 3.1.2

wordpress wordpress 3.3.1

wordpress wordpress 3.8

wordpress wordpress 3.8.1

wordpress wordpress 3.3

wordpress wordpress 3.4.2

wordpress wordpress 3.4.1

debian debian linux 7.0

Vendor Advisories

Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure More information can be found in the upstream advisory at wordpressorg/news/2014/08/wordpress-3-9-2/ For the stable distribution (wheezy), these problems have been fixed in version 361+dfsg-1~deb7u4 ...