CVE-2015-5714 — wordpress - security update

Description

Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

How to fix CVE-2015-5714

To remediate CVE-2015-5714, upgrade the affected package to a fixed version below.

Debian/wordpress—upgrade to 4.3.1+dfsg-1 or later
—upgrade to 3.6.1+dfsg-1~deb6u8 or later
—upgrade to 4.1+dfsg-1+deb8u5 or later

Is CVE-2015-5714 being exploited?

Moderate — EPSS is 30.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

from 0, < 4.3.1+dfsg-1
from 0, < 3.6.1+dfsg-1~deb6u8
from 0, < 4.1+dfsg-1+deb8u5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-5714