Description

Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.

Remediation

References

CVE-2015-5734

Related Vulnerabilities

MySQL CVE-2015-4819 Vulnerability (CVE-2015-4819)

PHP Other Vulnerability (CVE-2006-4483)

SharePoint CVE-2023-33134 Vulnerability (CVE-2023-33134)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2020-1967)

Oracle Application Server Other Vulnerability (CVE-2005-1496)

Severity

Medium

Classification

CVE-2015-5734 CWE-707

Tags

Missing Update Known Vulnerabilities