CVSSv2 score: 4.3

CVE-2015-3440

Published: 03/08/2015 Updated: 06/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 439
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress prior to 4.2.1 allows remote malicious users to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.

Vulnerable Products

Debian Linux 7.0

Debian Linux 8.0

WordPress

Vendor Advisories

Debian Bug report logs - #783347 wordpress: New critical security release available: 4.1.2 (CVE-2015-3438 CVE-2015-3439). Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon). Reported by: Christer Mjellem Strand <dilldall@bjork.org> ...
Debian Bug report logs - #783554 wordpress: New critical security release available: 4.2.1 (CVE-2015-3440). Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Craig Small <csmall@debian.org>. Date: Mon, 27 Apr 2015 22:24:02 UTC. Severity: important. Tags: security. Found ...
Multiple security issues have been discovered in WordPress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands. More information can be found in the upstream advisories at wordpress.org/news/ ...

Exploits

Source: klikki.fi/adv/wordpress2.html. Overview: Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default settings the attacker can leverage the vulne ...

Github Repositories

Pen-testing - Finding, analyzing, recreating, and documenting five vulnerabilities affecting an old version of WordPress

Project 7 - WordPress Pen Testing. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pen Testing Report 1: Unauthenticated Stored Cross-Site Scripting (CVE-2015-3440). Summary: An unauthorized user/attacker can inject JavaScript in WordPress comments, which will be triggered when the comment is viewed. If triggered by a

WordPress codepath week seven. Presentation on week 7. EXPLOIT 1: Vulnerability CVE-2015-3440. WP version: 4.2. Remediation: update to version 4.7.5. Steps to exploit: create some post on the blog and log out, visit the blog, go to the post and add a comment, and your comment should include XSS <svg/onload-alert('XSS')> 1. Then view page source to confirm c

Project 7 - WordPress Pen Testing. Time spent: 15 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pen Testing Report 1 (Required). Vulnerability Name or ID Summary: Vulnerability types: XSS (CVE-2015-5714). Tested in version: 4.2 (affects versions 4.0 - 4.3). Fixed in version: 4.2.5. GIF Walkth

codepath week 7 assignment

Project 7 - WordPress Pentesting. Time spent: 5 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report (Required): CVE-2015-3440 - Unauthenticated Stored Cross-Site Scripting. Summary: Vulnerability types: XSS. Tested in version: 4.2. Fixed in version: 4.2.1. GIF Walkthrough:

Project 7 - WordPress Pentesting. Time spent: 5 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report (Required): Unauthenticated Stored Cross-Site Scripting (CVE-2015-3440). Summary: Vulnerability types: XSS. Tested in version: 4.2. Fixed in version: 4.2.1. GIF Walkthrough:

CodePathweek7. Project 7 - WordPress Pentesting. Time spent: 10 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report: CVE-2016-4566. Summary: Vulnerability types: WordPress <= 4.5.1 - Plupload Same Origin Method Execution (SOME). Tested in version: 3.1.1. Fixed in version: 4.5.2.

Contains the assignment for codepath week 7.

Project 7 - WordPress Pen Testing. Time spent: 8 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pen Testing Report 1: Unauthenticated Stored Cross Site Scripting (CVE-2015-3440). Summary: If the comment text is long enough, it will be truncated when inserted in the database, which results in malf

Project 7 - WordPress Pentesting. Time spent: 3 hours spent in total. Objective: Find, analyze, recreate, and document three vulnerabilities affecting an old version of WordPress. Authenticated Stored Cross-Site Scripting - CVE-2015-5622. Summary: Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script

Week 7 WordPress Exploits

Project 7 - WordPress Pentesting. Time spent: 3 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS) (CVE-2015-5622). Summary: This is an XSS attack used to inject JS into WordPress comments. It is trigger

Project 7 - WordPress Pentesting. Time spent: Approximately 4 hours. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report: Large File Upload Error XSS. Summary: Vulnerability type: XSS. Tested in version: 4.2. Fixed in version: 4215. GIF Walkthrough:

week 7

Project 7 WordPress Pentesting. Time spent: 10 hours in total. Pentesting Report (Required). Vulnerability Name is Cross-site scripting. Summary: Vulnerability types: Cross site scripting. Tested in version: 4.2. Fixed in version: 4.7.5. GIF Walkthrough:

example attacks on Wordpress

Cybersecurity-University-Week-7-Wordpress: example attacks on WordPress. Project 7 - WordPress Pentesting. Time spent: 10 hours spent in total. Objective: Find, analyze, recreate, and document vulnerabilities affecting an old version of WordPress. Pentesting Report: WordPress 4.2 - Commenting XSS, CVE-2015-3440. Summary: This is a stored XSS attack affecting the comment system

Week7Lab - Exploit #1: WordPress 4.2 - Persistent Cross-Site Scripting. Description: WordPress 4.2 is vulnerable to a stored XSS. A user can inject JavaScript code in WordPress comments. The user first makes the comment text too long (at least 64 KB, because the MySQL TEXT type size limit is 64 kilobytes) such that it is inserted into the database truncated. The truncation r

Codepath Cybersecurity Assignment Week 7

Codepath_Unit-7-Project-WordPress-vs-Kali: Codepath Cybersecurity Assignment Week 7. Project 7 - WordPress Pen Testing. Time spent: 20 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pen Testing Report 1: WordPress <= 4.2 - Unauthenticated Stored Cross-Site Scripting (XSS), CVE-2015-3440. Sum