Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
312
VMScore

CVE-2015-7989

Published: 22/05/2016 Updated: 04/11/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Wordpress

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the user list table in WordPress prior to 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

Vendor Advisories

Debian CVElist Bug Report Logs: wordpress: CVE-2015-5714 CVE-2015-5715
Debian Bug report logs - #799140 wordpress: CVE-2015-5714 CVE-2015-5715 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 16 Sep 2015 08:57:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in ...
Debian Security Advisories: DSA-3375-1 wordpress -- security update
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered The issue has been fixed by not allowing unclosed HTML elements in attributes CVE-2015-5715 A vulnerability has been discovered, allowing user ...
Debian Security Advisories: DSA-3383-1 wordpress -- security update
Several vulnerabilities were discovered in Wordpress, a web blogging tool The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved The parsing is a ...

Github Repositories

https://github.com/Gshack18/WPS_Scan

My WPS scan Results

Project 7 - WordPress Pentesting Pentesting Report Time spent: 9 hours spent in total because I couldn't get it up and running in Vbox Objective: Find, analyze, recreate, and document six vulnerabilities affecting an old version of WordPress Table of Contents List of Vulnerabilities found -[!] Title: WordPress 42-472 - Press This CSRF DoS -[!] Title: WordPress 23-4

https://github.com/Gshack18/IST_590_fall

My WPS scan Results

Project 7 - WordPress Pentesting Pentesting Report Time spent: 9 hours spent in total because I couldn't get it up and running in Vbox Objective: Find, analyze, recreate, and document six vulnerabilities affecting an old version of WordPress Table of Contents List of Vulnerabilities found -[!] Title: WordPress 42-472 - Press This CSRF DoS -[!] Title: WordPress 23-4

References

CWE-79https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290ahttps://security-tracker.debian.org/tracker/CVE-2015-7989https://wordpress.org/news/2015/09/wordpress-4-3-1/https://codex.wordpress.org/Version_4.3.1https://wpvulndb.com/vulnerabilities/8187http://www.securitytracker.com/id/1033979http://www.debian.org/security/2015/dsa-3383http://www.debian.org/security/2015/dsa-3375https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799140https://github.com/Gshack18/WPS_Scanhttps://www.debian.org/security/./dsa-3375
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook