Description

Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

Remediation

References

CVE-2015-5714

Related Vulnerabilities

WordPress Plugin Gallery PhotoBlocks Unspecified Vulnerability (1.1.32)

WordPress Plugin WooCommerce SagePay Direct Payment Gateway Multiple Cross-Site Scripting Vulnerabilities (0.1.6.6)

Drupal Core 6.x Information Disclosure (6.0 - 6.30)

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-9591)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1591)

Severity

Medium

Classification

CVE-2015-5714 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities