CVE-2015-5714

6.1 MEDIUM

Published: May 22, 2016 Modified: May 06, 2026

Description

Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.debian.org/security/2015/dsa-3375

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3383

Source: cve@mitre.org

http://www.securityfocus.com/bid/76745

Source: cve@mitre.org

http://www.securitytracker.com/id/1033979

Source: cve@mitre.org

https://codex.wordpress.org/Version_4.3.1

Source: cve@mitre.org

Patch

https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8

Source: cve@mitre.org

https://security-tracker.debian.org/tracker/CVE-2015-5714

Source: cve@mitre.org

https://wordpress.org/news/2015/09/wordpress-4-3-1/

Source: cve@mitre.org

Patch Vendor Advisory

https://wpvulndb.com/vulnerabilities/8186

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3375