WordPress Vulnerabilities

WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite

Affects WordPress

3.0
Fixed in WordPress 3.9.2
3.0.1
Fixed in WordPress 3.9.2
3.0.2
Fixed in WordPress 3.9.2
3.0.3
Fixed in WordPress 3.9.2
3.0.4
Fixed in WordPress 3.9.2
3.0.5
Fixed in WordPress 3.9.2
3.1
Fixed in WordPress 3.9.2
3.1.1
Fixed in WordPress 3.9.2
3.1.2
Fixed in WordPress 3.9.2
3.1.3
Fixed in WordPress 3.9.2
3.1.4
Fixed in WordPress 3.9.2
3.2
Fixed in WordPress 3.9.2
3.2.1
Fixed in WordPress 3.9.2
3.3
Fixed in WordPress 3.9.2
3.3.1
Fixed in WordPress 3.9.2
3.3.2
Fixed in WordPress 3.9.2
3.4
Fixed in WordPress 3.9.2
3.4.1
Fixed in WordPress 3.9.2
3.4.2
Fixed in WordPress 3.9.2
3.5
Fixed in WordPress 3.9.2
3.5.1
Fixed in WordPress 3.9.2
3.5.2
Fixed in WordPress 3.9.2
3.6
Fixed in WordPress 3.9.2
3.6.1
Fixed in WordPress 3.9.2
3.7
Fixed in WordPress 3.9.2
3.7.1
Fixed in WordPress 3.9.2
3.8
Fixed in WordPress 3.9.2
3.8.1
Fixed in WordPress 3.9.2
3.8.2
Fixed in WordPress 3.9.2
3.8.3
Fixed in WordPress 3.9.2
3.9
Fixed in WordPress 3.9.2
3.9.1
Fixed in WordPress 3.9.2

References

CVE
CVE-2014-5240
URL
https://core.trac.wordpress.org/changeset/29398

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
admin
Verified
No
WPVDB ID
4ea0b732-468c-4f3b-9b43-d7e897e1d665

Timeline

Publicly Published
2014-09-16 (about 9 years ago)
Added
2014-09-16 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2014-04-25
Title
Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2023-10-02
Title
wordpress publish post email notification < 1.0.2.3 - Admin+ Stored XSS
Published
2015-08-11
Title
AddThis Sharing Buttons <= 5.0.12 - Authenticated Cross-Site Scripting (XSS)
Published
2017-04-12
Title
Multiple BestWebSoft Plugins - Authenticated Cross-Site Scripting (XSS)
Published
2024-04-29
Title
CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting