
CVE-2015-5715

Published: 22/05/2016 Updated: 04/11/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 358
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress prior to 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors.

Vulnerable Product

wordpress wordpress

Vendor Advisories

Debian Bug report logs - #799140 wordpress: CVE-2015-5714 CVE-2015-5715. Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 16 Sep 2015 08:57:02 UTC; Severity: grave; Tags: fixed-upstream, security, upstream; Found in ...

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-5714: A cross-site scripting vulnerability when processing shortcode tags has been discovered. The issue has been fixed by not allowing unclosed HTML elements in attributes. CVE-2015-5715: A vulnerability has been discovered, allowing user ...

Several vulnerabilities were discovered in Wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213: SQL Injection allowed a remote attacker to compromise the site. CVE-2015-5622: The robustness of the shortcodes HTML tags filter has been improved. The parsing is a ...

Github Repositories

Week 7 Assignment - WordPress Pentesting Time spent: 8 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report (Required) Vulnerability Name or ID Summary: Legacy Theme Preview Cross-Site Scripting (XSS) Vulnerability types: Cross-site Scripting (XSS) Tested in version: 420 Fixed

Project 7 - WordPress Pen Testing Time spent: 15 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pen Testing Report 1 (Required) Vulnerability Name or ID Summary: Vulnerability types: XSS (CVE-2015-5714) Tested in version: 42 (affects versions 40 - 43 Fixed in version: 425 GIF Walkth

My assignment for week 7

CyberSecurityWeek7 My assignment for week 7 Exploit 1: [!] Title: WordPress <= 42 - Unauthenticated Stored Cross-Site Scripting (XSS) Reference: wpvulndb.com/vulnerabilities/7945 Reference: klikki.fi/adv/wordpress2.html Reference: packetstormsecurity.com/files/131644/ Reference: www.exploit-db.com/exploits/36844/ [i] Fixed in: 421 Source

Cyber Security

Week 7 & 8 - Wordpress Penetration testing Vulnerability 1: Authenticated Stored Cross-Site Scripting via Image Filename Steps: Intro -The XSS code can be inserted as a crafted filename of any post attachment This post when viewed can cause malicious actions to occur on the viewers computer The file name given to the image to be used here is: <img src=a onerr

Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress, using wpscan in Kali linux.

Project 7 - WordPress Pentesting Time spent: 8 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Authenticated Stored Cross-Site Scripting via Image Filename Summary: Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in

Experimenting with Kali Linux tools to exploit vulnerabilities in WordPress

Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report (Required) WordPress 40-428 - Pupload Same-Origin Method Execution (SOME) attack Summary: a cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566 b wpvulndbco

CyberU Week 7 Assignment

Project 7 - WordPress Pentesting Time spent: 6 hours spent in total Objective: Find, analyze, recreate, and document three vulnerabilities affecting an old version of WordPress Pentesting Report (Required) Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 4213 GIF Walkthro