CVE-2015-5714
MEDIUM
WordPress < 4.3.1 - Cross-Site Scripting via Shortcode Tag Processing
Title source: llm
Description
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
References (9)
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3375
Patch x_refsource_confirm
https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3383
Third Party Advisory x_refsource_confirm
https://security-tracker.debian.org/tracker/CVE-2015-5714
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76745
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/8186
Patch x_refsource_confirm
https://codex.wordpress.org/Version_4.3.1
Patch, Vendor Advisory x_refsource_confirm
https://wordpress.org/news/2015/09/wordpress-4-3-1/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033979
Scores
CVSS v3
6.1
EPSS
0.3065
EPSS Percentile
96.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
wordpress/wordpress
< 4.3.0
Published
May 22, 2016
Tracked Since
Feb 18, 2026