ThreatPress

WordPress Vulnerabilities Database

WordPress <= 4.2.1 - XSS

Product
WordPress
Description
A cross-site scripting vulnerability in wp-includes/wp-db.php allows an attacker to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Solution
Update WordPress.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name: CVE-2015-8834
Versions
Affected In: <= 4.2.1
Fixed In: 4.2.2
Disclosure date
2016-03-25