Lucene search
N/APATCHSTACK:32A0E8D66B9E8D860BE7ED0A19D88734HistoryAug 14, 2014 - 12:00 a.m.
WordPress <= 3.9.1 - XSS
2014-08-1400:00:00
N/A
patchstack.com
4
0.001 Low
EPSS
Percentile
36.5%
This vulnerability is in the wp-includes/pluggable.php. It allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
Solution
Update WordPress.
Related
prion
prion
Cross site scripting
2014-08-18 11:15:00
debiancve
debiancve
CVE-2014-5240
2014-08-18 11:15:27
cve
cve
CVE-2014-5240
2014-08-18 11:15:27
ubuntucve
ubuntucve
CVE-2014-5240
2014-08-18 00:00:00
nvd
nvd
CVE-2014-5240
2014-08-18 11:15:27
wpvulndb
wpvulndb
WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
2014-09-16 18:15:20
cvelist
cvelist
CVE-2014-5240
2014-08-18 10:00:00
osv
osv
wordpress - security update
2014-08-09 00:00:00
wordpress - security update
2014-09-17 00:00:00
nessus
nessus
Fedora 20 : wordpress-3.9.2-3.fc20 (2014-9264)
2014-08-22 00:00:00
Debian DSA-3001-1 : wordpress - security update
2014-08-10 00:00:00
Debian DLA-56-1 : wordpress security update
2015-03-26 00:00:00
openvas
openvas
Debian Security Advisory DSA 3001-1 (wordpress - security update)
2014-08-09 00:00:00
Debian: Security Advisory (DLA-56-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3001-1)
2014-08-08 00:00:00
debian
debian
[SECURITY] [DLA 56-1] wordpress security update
2014-09-17 12:05:09