ThreatPress

WordPress Vulnerabilities Database

WordPress <= 4.2 - Stored XSS

Product
WordPress
Description
A stored XSS vulnerability affects WordPress core. It allows an attacker to inject JavaScript into WordPress comments; the injected script can then be used to change the administrator’s password, create new accounts, or execute arbitrary code on the server through the theme and plugin editors.
Solution
Update WordPress.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-2015-3440
Versions
Affected In <= 4.2
Fixed In 4.3
Disclosure date
2015-04-27
Credits
klikki