Published: 09/11/2015 Updated: 21/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress prior to 4.2.4 does not use a constant-time comparison for widgets, which allows remote malicious users to conduct a timing side-channel attack by measuring the delay before inequality is calculated.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress

Debian Bug report logs - #794560 wordpress: CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734: 423 and earlier multiple vulnerabilities Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: ...

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved The parsing is a bit more strict, which may affect your installation This is the correct ...

CWE-200 https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/https://codex.wordpress.org/Version_4.2.4 https://core.trac.wordpress.org/changeset/33536 https://core.trac.wordpress.org/changeset/33535 http://openwall.com/lists/oss-security/2015/08/04/7 http://www.securityfocus.com/bid/76160 http://www.debian.org/security/2015/dsa-3332 https://wpvulndb.com/vulnerabilities/8130 http://www.securitytracker.com/id/1033178 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560 https://www.debian.org/security/./dsa-3332

CVE-2015-5730

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect