Cross-site Scripting (XSS)

wordpress is vulnerable to cross-site scripting XSS. The attack is due to lack of sanitization of URL in wpksesbadprotocolonce in wp-includes/kses.php...

CVE-2015-5622

Cross-site scripting XSS vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...

CVE-2015-5622

Cross-site scripting XSS vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...

CVE-2015-5622

Cross-site scripting XSS vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...

CVE-2015-5622

CVE-2015-5622 concerns the robustness of WordPress shortcode HTML tag filtering. The patch tightened the parsing in wp-includes/kses.php and related shortcode handling, with fixes released around WordPress 4.2.x and culminating in WordPress 4.2.3. Debian advisories also note fixes for this CVE in...

WordPress <= 4.2.2 - XSS

WordPress 4.2.2 is prone to a cross site scripting vulnerability that allows an authenticated user to bypass intended access restrictions and create drafts by leveraging the Subscriber role. Also, it allows to inject web script or HTML by leveraging the Author role to place a crafted shortcode...