Exploitation Summary
CVE-2015-3440 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including klikki.
AI-analyzed exploit summary This is a writeup detailing a stored XSS vulnerability in WordPress (CVE-2015-3440) where an unauthenticated attacker can inject JavaScript via overly long comments, leading to potential arbitrary code execution if triggered by an administrator.
Description
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Exploits (1)
This is a writeup detailing a stored XSS vulnerability in WordPress (CVE-2015-3440) where an unauthenticated attacker can inject JavaScript via overly long comments, leading to potential arbitrary code execution if triggered by an administrator.