0.013 Low
EPSS
Percentile
86.0%
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.
launchpad.net/bugs/cve/CVE-2015-5732
nvd.nist.gov/vuln/detail/CVE-2015-5732
security-tracker.debian.org/tracker/CVE-2015-5732
www.cve.org/CVERecord?id=CVE-2015-5732