ThreatPress

WordPress Vulnerabilities Database

WordPress <= 3.9.2 - XSS

Product
WordPress
Description
This vulnerability is in the "wptexturize" function. It allows attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
Solution
Update WordPress.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2014-9031
Versions
Affected In <= 3.9.2
Fixed In 3.9.3
Disclosure date
2014-11-20