Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2014-9031

Published: 25/11/2014 Updated: 05/10/2015
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Wordpress

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress prior to 3.7.5, 3.8.x prior to 3.8.5, and 3.9.x prior to 3.9.3 allows remote malicious users to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

wordpress wordpress 3.8

wordpress wordpress 3.8.1

wordpress wordpress 3.8.2

wordpress wordpress 3.9.2

wordpress wordpress 3.8.4

wordpress wordpress 3.9.1

wordpress wordpress 3.8.3

wordpress wordpress 3.9

Vendor Advisories

Debian CVElist Bug Report Logs: wordpress: New critical security release available: 4.1.2 (CVE-2015-3438 CVE-2015-3439)
Debian Bug report logs - #783347 wordpress: New critical security release available: 412 (CVE-2015-3438 CVE-2015-3439) Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Christer Mjellem Strand <dilldall@bjorkorg> ...
Debian CVElist Bug Report Logs: wordpress: CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 (issues fixed in 4.0.1 security release)
Debian Bug report logs - #770425 wordpress: CVE-2014-9031 CVE-2014-9032 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 (issues fixed in 401 security release) Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bona ...
Debian CVElist Bug Report Logs: wordpress: New critical security release available: 4.2.1 (CVE-2015-3440)
Debian Bug report logs - #783554 wordpress: New critical security release available: 421 (CVE-2015-3440) Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Mon, 27 Apr 2015 22:24:02 UTC Severity: important Tags: security Found ...

Github Repositories

https://github.com/Prochainezo/xss2shell

Tool for abusing XSS vulnerabilities on Wordpress and Joomla! installations

XSS2SHELL v3 Changelog: v3 - "Hello Dolly" plugin is now used for backdooring WP; Themes are no longer used V2 - Added Joomla support Videos: Exploiting CVE-2014-9031 with XSS2SHELL (V3): youtube/hRIuaLQfOhs XSS2SHELL - Video Walkthrough & Introduction (V1): youtube/-EGUfPgK_lw XSS2SHELL is a piece of software which allows you to get instant p

References

CWE-79http://klikki.fi/adv/wordpress.htmlhttps://wordpress.org/news/2014/11/wordpress-4-0-1/http://openwall.com/lists/oss-security/2014/11/25/12http://seclists.org/fulldisclosure/2014/Nov/62http://www.debian.org/security/2014/dsa-3085http://www.mandriva.com/security/advisories?name=MDVSA-2014:233http://advisories.mageia.org/MGASA-2014-0493.htmlhttp://www.securitytracker.com/id/1031243http://www.securityfocus.com/bid/71237https://nvd.nist.govhttps://github.com/Prochainezo/xss2shellhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783347
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook