CVE-2015-5714

Published: 22/05/2016 Updated: 04/11/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 387
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in WordPress prior to 4.3.1 allows remote malicious users to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

Vulnerable Product

wordpress wordpress

Vendor Advisories

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5714: A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. CVE-2015-5715: A vulnerability has been discovered, allowing user ...
Debian Bug report logs - #799140 wordpress: CVE-2015-5714 CVE-2015-5715. Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 16 Sep 2015 08:57:02 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in ...
Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213: SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622: The robustness of the shortcodes HTML tags filter has been improved. The parsing is a ...

Github Repositories

Cyber Security

Week 7 & 8 - Wordpress Penetration testing Vulnerability 1: Authenticated Stored Cross-Site Scripting via Image Filename Steps: Intro -The XSS code can be inserted as a crafted filename of any post attachment This post when viewed can cause malicious actions to occur on the viewers computer The file name given to the image to be used here is: <img src=a onerr

My assignment for week 7

CyberSecurityWeek7 My assignment for week 7 Exploit 1: [!] Title: WordPress <= 42 - Unauthenticated Stored Cross-Site Scripting (XSS) Reference: wpvulndbcom/vulnerabilities/7945 Reference: klikkifi/adv/wordpress2html Reference: packetstormsecuritycom/files/131644/ Reference: wwwexploit-dbcom/exploits/36844/ [i] Fixed in: 421 Source

Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress, using wpscan in Kali Linux.

Project 7 - WordPress Pentesting Time spent: 8 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Authenticated Stored Cross-Site Scripting via Image Filename Summary: Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/mediaphp in

Week 7 Assignment - WordPress Pentesting Time spent: 8 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report (Required) Vulnerability Name or ID Summary: Legacy Theme Preview Cross-Site Scripting (XSS) Vulnerability types: Cross-site Scripting (XSS) Tested in version: 420 Fixed

CyberU Week 7 Assignment

Project 7 - WordPress Pentesting Time spent: 6 hours spent in total Objective: Find, analyze, recreate, and document three vulnerabilities affecting an old version of WordPress Pentesting Report (Required) Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 4213 GIF Walkthro

Project 7 - WordPress Pentesting Time spent: 4 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds Summary: Vulnerability types: XSS (CVE-2017-6817) Tested in version: 42 (affects versions 40 - 472) Fixe

Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Authenticated Shortcode Tags Cross-Site Scripting (XSS) Summary: Vulnerability types: Cross-Site Scripting (CVE 2015-5714) Tested in version: 42 Fixed in version: 431 GIF Wa

Project 7 - WordPress Pentesting Time spent: 10 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report (Required) Vulnerability Name or ID: CVE-2015-5714 Summary: Vulnerability types: XSS Tested in version: 41 Fixed in version: 418 GIF Walkthrough: Steps to recreate: Make

Project 7 - WordPress Pentesting Time spent: 7 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Title: WordPress <= 422 - Authenticated Stored Cross-Site Scripting (XSS) Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 423 GIF Walkth

Project 7 - WordPress Pentesting Time spent: 13 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Unauthenticated Stored Cross-Site Scripting (XSS) Summary: If wordpress stored text over 64 kb in the database, it was truncated, and displaying after it was fetched from the data

Wordpress exploits demos

Wordpress Exploit #1 Type: Unauthenticated Stored Cross-Site Scripting CVE-2015-3440 Wordpress exploit demo [!] Title: WordPress <= 42 - Unauthenticated Stored Cross-Site Scripting (XSS) Reference: wpvulndbcom/vulnerabilities/7945 Reference: klikkifi/adv/wordpress2html Reference: packetstormsecuritycom/files/131644/ Reference: www

Pentesting & Research Assignment: WordPress Pentesting

Project 7 - WordPress Pentesting Time spent: 8 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report CVE-2016-7168: Authenticated Stored Cross-Site Scripting via Image Filename Summary: Vulnerability types: XSS Tested in version: 453 Fixed in version: 461 GIF Walkthrough:

Project 7 - WordPress Pentesting Time spent: 95 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report 1 (Required) Same-Origin Method Execution CVE 2015-3439 Summary: Vulnerability in Plupload which is used in Wordpress Uses target parameter to execute JavaScript Vulnerability

Exploiting Wordpress vulnerabilities discovered via WPScan

WordPress Pentesting Time spent: 6 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Setup VirtualBox - Virtual machine manager Kali Linux - Attack OS of choice WPDistillery - Creating a locally hosted Wordpress site WPScan - Vulnerability scanner Pentesting Report 1 CVE-2018-6390 - Denial O

For Codepath Security Course Assignment Week 7

Project 7 - WordPress Pentesting Time spent: 10 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report 1 Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds (CVE-2017-6817) Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 473 GIF W

Project 7 - WordPress Pentesting Time spent: 12 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report WordPress <= 42 - Unauthenticated Stored Cross-Site Scripting (XSS) Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 421 Exploit Database 3684