Description

Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

Remediation

References

CVE-2015-5714

Related Vulnerabilities

Jetty Improper Neutralization of Quoting Syntax Vulnerability (CVE-2023-36479)

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-5954)

WordPress Plugin WordPress Download Manager Cross-Site Request Forgery (2.8.99)

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

Perl Out-of-bounds Write Vulnerability (CVE-2022-48522)

Severity

Medium

Classification

CVE-2015-5714 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities