Description

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.

Remediation

References

CVE-2014-9031

Related Vulnerabilities

WordPress Plugin WPJobBoard SQL Injection (5.6.4)

Atlassian Jira CVE-2020-14167 Vulnerability (CVE-2020-14167)

WordPress Plugin StatPressCN 'wp-admin/admin.php' Multiple Cross-Site Scripting Vulnerabilities (1.9.0)

Django Improper Input Validation Vulnerability (CVE-2011-4139)

WordPress 3.7.x Possible SQL Injection Vulnerability (3.7 - 3.7.22)

Severity

Medium

Classification

CVE-2014-9031 CWE-707

Tags

Missing Update Known Vulnerabilities