WPScan
How it works
Pricing
Vulnerabilities
WordPress
Plugins
Themes
Stats
Submit vulnerabilities
For developers
Status
API details
CLI scanner
Contact
Login
Talk to sales
WPScan
How it works
Pricing
Vulnerabilities
WordPress
Plugins
Themes
Stats
Submit vulnerabilities
For developers
Status
API details
CLI scanner
Contact
Login
Talk to sales
WordPress Vulnerabilities
WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
Affects WordPress
4.4
Fixed in version 4.4.1
4.3.1
Fixed in version 4.3.2
4.2.5
Fixed in version 4.2.6
4.1.8
Fixed in version 4.1.9
4.0.8
Fixed in version 4.0.9
3.9.9
Fixed in version 3.9.10
3.7.11
Fixed in version 3.7.12
3.7
Fixed in version 3.7.12
3.7.1
Fixed in version 3.7.12
3.7.2
Fixed in version 3.7.12
Show more
References
CVE
CVE-2016-1564
URL
https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
URL
https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
Classification
Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
Miscellaneous
Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
09329e59-1871-4eb7-b6ea-fd187cd8db23
Timeline
Publicly Published
2016-01-06
(about 7 years ago)
Added
2016-01-06
(about 7 years ago)
Last Updated
2020-09-22
(about 2 years ago)
Our Other Services
WPScan WordPress Security Plugin