Cross-site Scripting (XSS)

2017-09-2900:33:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

65.5%

JSON

Wordpress is vulnerable to cross-site scripting (XSS) attacks. A malicious user can pass a javascript: or data: URL to the link modal to inject and execute arbitrary Javascript.

CPENameOperatorVersion
johnpbloch/wordpress-corele3.8.21
johnpbloch/wordpress-corele4.4.10
johnpbloch/wordpress-corele4.2.15
johnpbloch/wordpress-corele4.8.1
johnpbloch/wordpress-corele3.7.21
johnpbloch/wordpress-corele4.3.11
johnpbloch/wordpress-corele4.5.9
johnpbloch/wordpress-corele4.0.18
johnpbloch/wordpress-corele4.1.18
johnpbloch/wordpress-corele3.9.19

Name	Operator	Version
johnpbloch/wordpress-core	le	3.8.21
johnpbloch/wordpress-core	le	4.4.10
johnpbloch/wordpress-core	le	4.2.15
johnpbloch/wordpress-core	le	4.8.1
johnpbloch/wordpress-core	le	3.7.21
johnpbloch/wordpress-core	le	4.3.11
johnpbloch/wordpress-core	le	4.5.9
johnpbloch/wordpress-core	le	4.0.18
johnpbloch/wordpress-core	le	4.1.18
johnpbloch/wordpress-core	le	3.9.19