WordPress 3.9, 3.9.1, 3.9.2, 4.0 – XSS in Media Playlists | CVE 2014-9032

Affects WordPress

4.0

Fixed in WordPress 4.0.1

3.9

Fixed in WordPress 4.0.1

3.9.1

Fixed in WordPress 4.0.1

3.9.2

Fixed in WordPress 4.0.1

References

CVE

CVE-2014-9032

URL

https://core.trac.wordpress.org/changeset/30422

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

4fa374b3-53c6-48d0-bdf8-5ef1c0aa9316

Timeline

Publicly Published

2014-11-30 (about 9 years ago)

Added

2014-11-30 (about 9 years ago)

Last Updated

2019-10-21 (about 4 years ago)

Other

Published

Title

Published

2024-04-19

Title

RSS Feed Widget < 2.9.8 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2019-02-06

Title

Parallax Scroll < 2.1 - Cross-Site Scripting (XSS)

Published

2015-11-17

Title

WooCommerce <= 2.4.8 - Authenticated Cross-Site Scripting (XSS)

Published

2023-11-14

Title

Namaste! LMS < 2.6.1.2 - Reflected Cross-Site Scripting

Published

2023-08-28

Title

GuruWalk Affiliates <= 1.0.0 - Admin+ Stored XSS