ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 4.3.0 - XSS

Product
WordPress
Description
This vulnerability is in the user list table in WordPress. It allows an authenticated user to inject HTML or arbitrary web script via a crafted e-mail address.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2015-7989
Versions
Affected In <= 4.3.0
Fixed In 4.3.1
Disclosure date
2015-10-28