CVE-2016-1564

Published: 22/05/2016 Updated: 04/11/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress prior to 4.4.1 allow remote malicious users to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.

Vulnerable Product

wordpress wordpress

Vendor Advisories

Debian Bug report logs - #813697 wordpress: New version available: 442 (CVE-2016-2221 CVE-2016-2222) Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Christer Mjellem Strand <dilldall@bjorkorg> Date: Thu, 4 Fe ...
Debian Bug report logs - #810325 wordpress: CVE-2016-1564: Cross site scripting vulnerability Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Fri, 8 Jan 2016 10:48:12 UTC Severity: important Tags: fixed-upstream, security, up ...
Crtc4L discovered a cross-site scripting vulnerability in wordpress, a web blogging tool, allowing a remote authenticated administrator to compromise the site. For the oldstable distribution (wheezy), this problem has been fixed in version 361+dfsg-1~deb7u9. For the stable distribution (jessie), this problem has been fixed in version 41+dfsg-1+d ...

Github Repositories

Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report Authenticated Shortcode Tags Cross-Site Scripting (XSS) Summary: Vulnerability types: Cross-Site Scripting (CVE 2015-5714) Tested in version: 42 Fixed in version: 431 GIF Wa

CodePath University's Web Security - Week 7: WordPress Pentesting (Spring 2018)

CodePath University's Web Security Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report (Required) 422 - Authenticated Stored Cross-Site Scripting (XSS) Summary: A stored XSS vulnerability in WordPress allows an user with the

wordpress pentesting vulnerabilities affecting old version

WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report 422 - Authenticated Stored Cross-Site Scripting (XSS) Vulnerability types: 42~ Tested in version: 42 Fixed in version: 423 GIF Walkthrough:

Project 7 - WordPress Pentesting Time spent: 12 hours spent in total Pentesting Report User Enumeration Summary: WPscan enumerates users Vulnerability types: User Enumeration Tested in version: 422 Fixed in version: GIF Walkthrough:

Week 7 Assignment - WordPress vs. Kali

Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document 3 affecting an old version of WordPress Version of WordPress Tested: 42 Vulnerability 1 - Legacy Theme Preview Cross-Site Scripting (XSS) Steps to reproduce: Go to any post Paste the following as a comment: <a href='/wp-admin/' title="

CS4984 CS4984 - Wordpress vs Kali - Week 7 Assignment Time spent: 10 hours total READMEmd Authenticated Stored Cross-Site Scripting (XSS) Summary: Vulnerability type: XSS Tested in version: 42 Fixed in version: 423 GIF Walkthrough:

Kali vs WP

Pentesting Kali vs WP v10 Project 7 - WordPress Pentesting Time spent: 5 hours spent in total Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress Pentesting Report CVE-2016-6634 Summary: Input Validation Error Vulnerability types: Unspecified Reflected Cross Site Scripting Vulnerability Tested in version: 42 Fixed