Cross-Site Scripting Vulnerability in WordPress by Automattic
CVE-2015-3440

Currently unrated

Key Information:

Vendor: Wordpress
Status: Debian Linux
Vendor: CVE Published:; 3 August 2015

Summary

A Cross-Site Scripting (XSS) vulnerability existed in WordPress versions prior to 4.2.1, allowing remote attackers to inject arbitrary web scripts or HTML into comments. This vulnerability arose due to improper storage of long comments, which are limited by the MySQL TEXT data type. When users interact with infected comments, they may unknowingly execute malicious scripts, potentially compromising their accounts and exposing sensitive information.

References

https://www.exploit-db.com/exploits/36844/

exploitx_refsource_EXPLOIT-DB

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://codex.wordpress.org/Version_4.2.1

x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 3, 2015
Vulnerability Reserved
Apr 28, 2015