CVE-2015-5714

medium

Description

Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

References

https://wpvulndb.com/vulnerabilities/8186

https://wordpress.org/news/2015/09/wordpress-4-3-1/

https://security-tracker.debian.org/tracker/CVE-2015-5714

https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8

https://codex.wordpress.org/Version_4.3.1

http://www.securitytracker.com/id/1033979

http://www.securityfocus.com/bid/76745

http://www.debian.org/security/2015/dsa-3383

http://www.debian.org/security/2015/dsa-3375

Details

Source: Mitre, NVD

Published: 2016-05-22

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N