WordPress Vulnerabilities

WordPress <= 4.2.3 - Nav Menu Title Cross-Site Scripting (XSS)

Affects WordPress

3.8.1
Fixed in WordPress 3.8.10
3.8
Fixed in WordPress 3.8.10
3.7.1
Fixed in WordPress 3.7.10
3.9
Fixed in WordPress 3.9.8
3.9.1
Fixed in WordPress 3.9.8
3.7
Fixed in WordPress 3.7.10
3.8.2
Fixed in WordPress 3.8.10
3.8.3
Fixed in WordPress 3.8.10
3.9.2
Fixed in WordPress 3.9.8
4.0
Fixed in WordPress 4.0.7
4.1
Fixed in WordPress 4.1.7
4.1.1
Fixed in WordPress 4.1.7
4.2
Fixed in WordPress 4.2.4
3.9.3
Fixed in WordPress 3.9.8
4.1.2
Fixed in WordPress 4.1.7
4.2.1
Fixed in WordPress 4.2.4
4.0.1
Fixed in WordPress 4.0.7
4.1.5
Fixed in WordPress 4.1.7
4.1.4
Fixed in WordPress 4.1.7
4.1.3
Fixed in WordPress 4.1.7
3.8.4
Fixed in WordPress 3.8.10
3.7.4
Fixed in WordPress 3.7.10
4.2.3
Fixed in WordPress 4.2.4
3.8.8
Fixed in WordPress 3.8.10
3.8.5
Fixed in WordPress 3.8.10
3.8.6
Fixed in WordPress 3.8.10
3.8.7
Fixed in WordPress 3.8.10
3.7.2
Fixed in WordPress 3.7.10
3.7.3
Fixed in WordPress 3.7.10
3.7.5
Fixed in WordPress 3.7.10
3.7.6
Fixed in WordPress 3.7.10
3.7.7
Fixed in WordPress 3.7.10
3.7.8
Fixed in WordPress 3.7.10
3.7.9
Fixed in WordPress 3.7.10
3.8.9
Fixed in WordPress 3.8.10
3.9.4
Fixed in WordPress 3.9.8
3.9.5
Fixed in WordPress 3.9.8
3.9.6
Fixed in WordPress 3.9.8
3.9.7
Fixed in WordPress 3.9.8
4.0.2
Fixed in WordPress 4.0.7
4.0.3
Fixed in WordPress 4.0.7
4.0.4
Fixed in WordPress 4.0.7
4.0.5
Fixed in WordPress 4.0.7
4.0.6
Fixed in WordPress 4.0.7
4.1.6
Fixed in WordPress 4.1.7
4.2.2
Fixed in WordPress 4.2.4
3.7.10
Fixed in WordPress 3.7.10

References

CVE
CVE-2015-5733
URL
https://core.trac.wordpress.org/changeset/33541

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4df947ed-d886-4e99-bc8c-b5be1af9844f

Timeline

Publicly Published
2015-08-05 (about 10 years ago)
Added
2015-08-05 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2025-04-09
Title
WooCommerce – Payphone Gateway < 3.2.1 - Reflected Cross-Site Scripting
Published
2025-09-22
Title
AnyClip Luminous Studio <= 1.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2023-07-24
Title
WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting
Published
2025-03-20
Title
ZhinaTwitterWidget <= 1.0 - Reflected Cross-Site Scripting
Published
2023-09-27
Title
Save as PDF by Pdfcrowd < 2.16.1 - Admin+ Stored XSS