HTTP: Wordpress CVE-2015-5714 Cross Site Scripting

This signature detects attempts to exploit a known cross-site scripting vulnerability against Wordpres. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Extended Description

Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.

Affected Products

Wordpress wordpress

References

CVE: CVE-2015-5714

Short Name
HTTP:XSS:WP-CVE-2015-5714
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2015-5714 Cross Scripting Site Wordpress
Release Date
03/10/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Wordpress

CVSS Score

4.3

Found a potential security threat?