CVE-2015-3438
wordpress - security update
EPSS 1.6%
Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.
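How to fix CVE-2015-3438
To fix CVE-2015-3438, upgrade the affected packages to the patched versions listed below.
- Debian/wordpress: upgrade to 4.2+dfsg-1 or later
- Debian/wordpress: upgrade to 3.6.1+dfsg-1~deb7u6 or later
Is CVE-2015-3438 being exploited?
Low. EPSS is 1.6%, and no large-scale exploitation activity has been observed at present.
Affected packages (2)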
- from 0, < 4.2+dfsg-1
- from 0, < 3.6.1+dfsg-1~deb7u6