Description

Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.

Remediation

References

CVE-2015-5732

Related Vulnerabilities

Oracle Database Server CVE-2012-1737 Vulnerability (CVE-2012-1737)

Squid Improper Certificate Validation Vulnerability (CVE-2021-41611)

WordPress Plugin YITH Color and Label Variations for WooCommerce Security Bypass (1.8.11)

WordPress Plugin Analytics-Gtag Restricted File Upload (1.8.1)

Drupal Core 8.x.x Security Bypass (8.0.0 - 8.7.14)

Severity

Medium

Classification

CVE-2015-5732 CWE-707

Tags

Missing Update Known Vulnerabilities