CVE-2015-3440
EPSS 14.4%Published: 8/3/2015Modified: 5/27/2026
Description
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
Affected packages (1)
- Debian/wordpressfrom 0, < 4.2.1+dfsg-1