2.1
CVSSv2

CVE-2014-5240

CVSSv4: NA | CVSSv3: NA | CVSSv2: 2.1 | VMScore: 310 | EPSS: 0.00085 | KEV: Not Included
Published: 18/08/2014 Updated: 21/11/2024

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress prior to 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

wordpress wordpress 3.0

wordpress wordpress 3.0.1

wordpress wordpress 3.0.2

wordpress wordpress 3.0.3

wordpress wordpress 3.0.4

wordpress wordpress 3.0.5

wordpress wordpress 3.0.6

wordpress wordpress 3.1

wordpress wordpress 3.1.1

wordpress wordpress 3.1.2

wordpress wordpress 3.1.3

wordpress wordpress 3.1.4

wordpress wordpress 3.2

wordpress wordpress 3.2.1

wordpress wordpress 3.3

wordpress wordpress 3.3.1

wordpress wordpress 3.3.2

wordpress wordpress 3.3.3

wordpress wordpress 3.4.0

wordpress wordpress 3.4.1

wordpress wordpress 3.4.2

wordpress wordpress 3.5.0

wordpress wordpress 3.5.1

wordpress wordpress 3.6

wordpress wordpress 3.6.1

wordpress wordpress 3.7

wordpress wordpress 3.7.1

wordpress wordpress 3.8

wordpress wordpress 3.8.1

wordpress wordpress 3.9.0

debian debian linux 7.0

Vendor Advisories

Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure More information can be found in the upstream advisory at wordpressorg/news/2014/08/wordpress-3-9-2/ For the stable distribution (wheezy), these problems have been fixed in version 361+dfsg-1~deb7u4 ...