Published: 09/11/2015 Updated: 04/11/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a widget title.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress

Debian Bug report logs - #794560 wordpress: CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734: 423 and earlier multiple vulnerabilities Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: ...

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved The parsing is a bit more strict, which may affect your installation This is the correct ...

Several vulnerabilities were discovered in Wordpress, a web blogging tool The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved The parsing is a ...

WordPress Pen Testing Objective: Find, analyze, recreate, and document three vulnerabilities affecting an old version of WordPress Pen Testing Report 1 Authenticated Stored Cross-Site Scripting (CVE-2015-5732) Summary: XSS vulnerability in WordPress before 423 allowing remote authenticated users to inject malicious scripts by utlizing Contributor role Vulnerability ty

CWE-79 https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/https://codex.wordpress.org/Version_4.2.4 https://core.trac.wordpress.org/changeset/33529 http://openwall.com/lists/oss-security/2015/08/04/7 http://www.securityfocus.com/bid/76160 http://www.debian.org/security/2015/dsa-3332 https://wpvulndb.com/vulnerabilities/8131 http://www.securitytracker.com/id/1033178 http://www.debian.org/security/2015/dsa-3383 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560 https://www.debian.org/security/./dsa-3332

CVE-2015-5732

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect