WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9031)

Description

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.

Remediation

References

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-32566)

Joomla Other Vulnerability (CVE-2007-4185)

WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)

WordPress Plugin eventON Multiple Cross-Site Scripting Vulnerabilities (2.6.11)

Oracle Application Server Other Vulnerability (CVE-2002-0565)

Severity

Medium

Classification

CVE-2014-9031 CWE-707

Tags

Missing Update Known Vulnerabilities