Description

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.

Remediation

References

CVE-2014-9031

Related Vulnerabilities

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15698)

WordPress Plugin Fancy Product Designer-WooCommerce Arbitrary File Upload (4.5.1)

MySQL CVE-2022-21486 Vulnerability (CVE-2022-21486)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40882)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4753)

Severity

Medium

Classification

CVE-2014-9031 CWE-707

Tags

Missing Update Known Vulnerabilities