Description

Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.

Remediation

References

CVE-2015-5734

Related Vulnerabilities

Jenkins DEPRECATED: Code Vulnerability (CVE-2016-3721)

WebLogic CVE-2020-14757 Vulnerability (CVE-2020-14757)

Java Denial of Service (DoS) Vulnerability (CVE-2019-2762)

MySQL CVE-2019-2420 Vulnerability (CVE-2019-2420)

Sqlite Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-6607)

Severity

Medium

Classification

CVE-2015-5734 CWE-707

Tags

Missing Update Known Vulnerabilities