1. Home
  2. CVEs with refmap.mlist==[oss-security] 20150723 Re: CVE request: WordPress 4.2.2 and earlier cross-site scripting vulnerability
Max CVSS 4.0 Min CVSS 3.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2015-5622 3.5
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to w
04-11-2017 - 01:29 03-08-2015 - 14:59
CVE-2015-5623 4.0
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save a
21-09-2017 - 01:29 03-08-2015 - 14:59
Back to Top Mark selected
Back to Top