← volver
CVE-2014-9031

CVE-2014-9031

EPSS 5.0%
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://advisories.mageia.org/MGASA-2014-0493.htmlhttp://klikki.fi/adv/wordpress.htmlhttp://openwall.com/lists/oss-security/2014/11/25/12http://seclists.org/fulldisclosure/2014/Nov/62https://wordpress.org/news/2014/11/wordpress-4-0-1/http://www.debian.org/security/2014/dsa-3085http://www.mandriva.com/security/advisories?name=MDVSA-2014:233http://www.securityfocus.com/bid/71237http://www.securitytracker.com/id/1031243