EPSS
Percentile
55.7%
This vulnerability in wp-includes/wp-db.php allows an attacker to inject arbitrary web script or HTML via a long comment which is improperly stored because there are some limitations on the MySQL TEXT data type.
Update WordPress.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8834