Description

Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.

Remediation

References

CVE-2015-5732

Related Vulnerabilities

Drupal CVE-2022-25278 Vulnerability (CVE-2022-25278)

MySQL CVE-2023-21980 Vulnerability (CVE-2023-21980)

WordPress Plugin Request a Quote Cross-Site Scripting (2.3.4)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1000482)

RubyGems Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000078)

Severity

Medium

Classification

CVE-2015-5732 CWE-707

Tags

Missing Update Known Vulnerabilities