Description

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.

Remediation

References

CVE-2014-9031

Related Vulnerabilities

WordPress Plugin Import any XML or CSV File to WordPress Arbitrary File Upload (3.6.7)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.1.23)

WordPress Plugin Triagis WordPress Security Evaluation-Check Folder Permissions, Fix For Common Security Vulnerabilities Multiple Cross-Site Request Forgery Vulnerabilities (1.15)

Oracle Database Server CVE-2015-4794 Vulnerability (CVE-2015-4794)

WordPress Plugin UsersWP-Front-end login form, User Registration, User Profile & Members Directory for WP Security Bypass (1.2.3)

Severity

Medium

Classification

CVE-2014-9031 CWE-707

Tags

Missing Update Known Vulnerabilities