ThreatPress

WordPress Vulnerabilities Database

WordPress <= 4.2.3 - XSS #2

Product
WordPress
Description
This vulnerability exists in the "form" function of the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php. It allows remote attackers to inject arbitrary web script or HTML via a widget title. Related record: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-2-3-xss
Solution
Update WordPress.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name: CVE-2015-5732
Versions
Affected In: <= 4.2.3
Fixed In: 4.2.4
Disclosure date
2015-08-04