Cross-Site Scripting Vulnerability in WordPress by Automattic
CVE-2015-3440

Currently unrated

Key Information:

Vendor: Wordpress
Status: Debian Linux
Vendor: CVE Published:; 3 August 2015

What is CVE-2015-3440?

A Cross-Site Scripting (XSS) vulnerability existed in WordPress versions prior to 4.2.1, allowing remote attackers to inject arbitrary web scripts or HTML into comments. This vulnerability arose due to improper storage of long comments, which are limited by the MySQL TEXT data type. When users interact with infected comments, they may unknowingly execute malicious scripts, potentially compromising their accounts and exposing sensitive information.