CVE-2015-5622

Published: 03/08/2015 Updated: 04/11/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 316
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in WordPress prior to 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.

Vulnerable Product

wordpress wordpress

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #794560 wordpress: CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734: 4.2.3 and earlier multiple vulnerabilities Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: ...
Debian Bug report logs - #799140 wordpress: CVE-2015-5714 CVE-2015-5715 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 16 Sep 2015 08:57:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in ...
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213: SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622: The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affect your installation. This is the correct ...
Several vulnerabilities have been found in Wordpress, the popular blogging engine. CVE-2015-3429: The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting. CVE-2015-5622: The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more ...
Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213: SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622: The robustness of the shortcodes HTML tags filter has been improved. The parsing is a ...

Github Repositories

Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Authenticated Shortcode Tags Cross-Site Scripting (XSS) Summary: Vulnerability types: Cross-Site Scripting (CVE 2015-5714) Tested in version: 4.2 Fixed in version: 4.3.1 GIF Wa

Cybersecurity-Week-7-Project-WordPress-vs-Kali Project 7 - WordPress Pentesting Time spent: 45 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Authenticated Stored Cross-Site Scripting (XSS) ID: CVE-2015-5622 Summary: Vulnerability types: XSS Tested in version: 4.2 Fixed

My assignment for week 7

CyberSecurityWeek7 My assignment for week 7 Exploit 1: [!] Title: WordPress <= 4.2 - Unauthenticated Stored Cross-Site Scripting (XSS) Reference: wpvulndb.com/vulnerabilities/7945 Reference: klikki.fi/adv/wordpress2.html Reference: packetstormsecurity.com/files/131644/ Reference: www.exploit-db.com/exploits/36844/ [i] Fixed in: 4.2.1 Source

Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report (Required) Unauthenticated Stored Cross-Site Scripting (CVE-2015-3440) Summary: Vulnerability types: XSS Tested in version: 4.2 Fixed in version: 4.2.1 GIF Walkthrough:

pen testing project for codepath fall 2022

pentesting_project_sofcora pen testing project for codepath fall 2022 Time spent: 25-30 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pen Testing Report (Required) Vulnerability Name or ID Cross-site scripting in post title Summary: Vulnerability types: WordPress <= 4.2.2 - Authenticated

Project 7 - WordPress Pen Testing Time spent: 12 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pen Testing Report 1 Authenticated Stored Cross-Site Scripting (XSS) ID: CVE-2015-5622 Summary: Vulnerability types: XSS Tested in version: 4.2 Fixed in version: 4.2.3 GIF Walkthrough:

Project 7 - WordPress Pentesting Time spent: 3 hours spent in total Objective: Find, analyze, recreate, and document three vulnerabilities affecting an old version of WordPress Authenticated Stored Cross-Site Scripting - CVE-2015-5622 Summary: Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script

Week 7 WordPress Exploits

Project 7 - WordPress Pentesting Time spent: 3 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS) (CVE-2015-5622) Summary: This is an XSS attack used to inject js into WordPress comments. It is trigger

Project 7 - WordPress Pentesting Time spent: Approximately 4 hours Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Large File Upload Error XSS Summary: Vulnerability type: XSS Tested in version: 4.2 Fixed in version: 4.2.15 GIF Walkthrough:

Project 7 - WordPress Pentesting Time spent: 13 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Unauthenticated Stored Cross-Site Scripting (XSS) Summary: If wordpress stored text over 64 kb in the database, it was truncated, and displaying after it was fetched from the data

example attacks on Wordpress

Cybersecurity-University-Week-7-Wordpress example attacks on Wordpress Project 7 - WordPress Pentesting Time spent: 10 hours spent in total Objective: Find, analyze, recreate, and document vulnerabilities affecting an old version of WordPress Pentesting Report WordPress 4.2 - Commenting XSS, CVE 2015-3440 Summary: This is a stored XSS attack affecting the comment system

CodePath-Assignments Project 7 - WordPress Pentesting Time spent: 6 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report CVE 2015-5622 Wordpress 4.3 - Authenticated Shortcode Tags Cross-Site Scripting Summary: Vulnerability types: XSS Tested in version: 4.2 Fixed in version: 4.3

Week7Lab - Exploit #1: WordPress 4.2 - Persistent Cross-Site Scripting: Description: WordPress 4.2 is vulnerable to a stored XSS. A user can inject JavaScript code in WordPress comments. The user first makes the comment text too long (at least 64 KB because the MySQL TEXT type size limit is 64 kilobytes) such that it is inserted into the database as truncated. The truncation r