Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-5734

Published: 09/11/2015 Updated: 04/11/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Wordpress

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a crafted string.

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

Vendor Advisories

Debian CVElist Bug Report Logs: wordpress: CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734: 4.2.3 and earlier multiple vulnerabilities
Debian Bug report logs - #794560 wordpress: CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734: 423 and earlier multiple vulnerabilities Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: ...
Debian Security Advisories: DSA-3332-1 wordpress -- security update
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved The parsing is a bit more strict, which may affect your installation This is the correct ...
Debian Security Advisories: DSA-3383-1 wordpress -- security update
Several vulnerabilities were discovered in Wordpress, a web blogging tool The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved The parsing is a ...

Github Repositories

https://github.com/JHChen3/web_security_week7

Project 7 - WordPress Pentesting Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report WordPress 33-474 - Large File Upload Error XSS (CVE-ID: CVE-2017-9061) Summary: Vulnerability types: XSS Tested in version: 42 Fixed in version: 4215 GIF Walkthrough: user-imagesgithubuserconten

https://github.com/breindy/Week7-WordPress-Pentesting

CodePath University's Web Security - Week 7: WordPress Pentesting (Spring 2018)

CodePath University's Web Security Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report (Required) 422 - Authenticated Stored Cross-Site Scripting (XSS) Summary: A stored XSS vulnerability in WordPress allows an user with the

https://github.com/dog23/week-7

Project 7 - WordPress Pentesting Time spent: 12 hours spent in total Pentesting Report User Enumeration Summary: WPscan enumerates users Vulnerability types: User Enumeration Tested in version: 422 Fixed in version: GIF Walkthrough:

https://github.com/sunnyl66/CyberSecurity

Week 7 Assignment - WordPress vs. Kali

Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document 3 affecting an old version of WordPress Version of WordPress Tested: 42 Vulnerability 1 - Legacy Theme Preview Cross-Site Scripting (XSS) Steps to reproduce: Go to any post Paste the following as a comment: <a href='/wp-admin/' title="

https://github.com/NOSH2000/KaliAssignment7Cyber

Project 7 - WordPress Pentesting Time spent: 15 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report 1 CVE-2017-6817: Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds Summary: Vulnerability types: XSS Tested in version: 4116 Fixed in version: 603 GIF W

References

CWE-79https://core.trac.wordpress.org/changeset/33549https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/https://codex.wordpress.org/Version_4.2.4http://openwall.com/lists/oss-security/2015/08/04/7http://www.securityfocus.com/bid/76331https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.htmlhttps://wpvulndb.com/vulnerabilities/8133http://www.debian.org/security/2015/dsa-3332http://www.securitytracker.com/id/1033178http://www.debian.org/security/2015/dsa-3383https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794560https://github.com/breindy/Week7-WordPress-Pentestinghttps://www.debian.org/security/./dsa-3332
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook