Cross-Site Scripting Vulnerability in WordPress by Automattic
CVE-2015-3440

Currently unrated

Key Information:

Vendor

Wordpress
Status
Debian Linux
Vendor
CVE Published:
3 August 2015

What is CVE-2015-3440?

A Cross-Site Scripting (XSS) vulnerability existed in WordPress versions prior to 4.2.1, allowing remote attackers to inject arbitrary web scripts or HTML into comments. This vulnerability arose due to improper storage of long comments, which are limited by the MySQL TEXT data type. When users interact with infected comments, they may unknowingly execute malicious scripts, potentially compromising their accounts and exposing sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.exploit-db.com/exploits/36844/
exploitx_refsource_EXPLOIT-DB
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://codex.wordpress.org/Version_4.2.1
x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.