CVE-2015-5623

Published: 03/08/2015 Updated: 21/09/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

WordPress prior to 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php.

Vulnerable Product

wordpress wordpress

debian debian linux 8.0

Vendor Advisories

Several vulnerabilities have been found in WordPress, the popular blogging engine. CVE-2015-3429: The file example.html in the Genericicons icon font package and twentyfifteen WordPress theme allowed for cross site scripting. CVE-2015-5622: The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more ...

Github Repositories

My assignment for week 7

CyberSecurityWeek7: My assignment for week 7. Exploit 1: [!] Title: WordPress <= 4.2 - Unauthenticated Stored Cross-Site Scripting (XSS). Reference: wpvulndb.com/vulnerabilities/7945. Reference: klikki.fi/adv/wordpress2.html. Reference: packetstormsecurity.com/files/131644/. Reference: www.exploit-db.com/exploits/36844/. [i] Fixed in: 4.2.1. Source

pen testing project for codepath fall 2022

pentesting_project_sofcora: pen testing project for codepath fall 2022. Time spent: 25-30 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pen Testing Report (Required). Vulnerability Name or ID: Cross-site scripting in post title. Summary: Vulnerability types: WordPress <= 4.2.2 - Authenticated

CodePathweek7: Project 7 - WordPress Pentesting. Time spent: 10 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report: CVE-2016-4566. Summary: Vulnerability types: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME). Tested in version: 3.1.1. Fixed in version: 4.5.2

Project 7 - WordPress Pentesting. Time spent: 13 hours spent in total. Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress. Pentesting Report: Unauthenticated Stored Cross-Site Scripting (XSS). Summary: If WordPress stored text over 64 kb in the database, it was truncated, and displaying after it was fetched from the data