CVE-2014-9031

EPSS 0.60%

wordpress - security update

Published: 11/25/2014Modified: 5/27/2026

Description

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.

Affected packages (3)

Debian/wordpressfrom 0, < 4.0.1+dfsg-1
Debian/wordpressfrom 0, < 3.6.1+dfsg-1~deb6u6
Debian/wordpressfrom 0, < 3.6.1+dfsg-1~deb7u5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9031