Cross site scripting

2014-08-1811:15:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.

CPENameOperatorVersion
debian_linuxeq7.0
wordpresseq3.0.5
wordpresseq3.4.0
wordpresseq3.6.1
wordpresseq3.7
wordpresseq3.5.0
wordpresseq3.0.2
wordpresseq3.2.1
wordpresseq3.1.4
wordpresseq3.0

Name	Operator	Version
debian_linux	eq	7.0
wordpress	eq	3.0.5
wordpress	eq	3.4.0
wordpress	eq	3.6.1
wordpress	eq	3.7
wordpress	eq	3.5.0
wordpress	eq	3.0.2
wordpress	eq	3.2.1
wordpress	eq	3.1.4
wordpress	eq	3.0