CVE-2015-5714

MEDIUM

WordPress <4.3.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

References (9)

Scores

CVSS v3 6.1
EPSS 0.3065
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status draft

Affected Products (1)

wordpress/wordpress < 4.3.0

Timeline

Published May 22, 2016
Tracked Since Feb 18, 2026