Description
Several cross-site scripting vulnerabilities were reported in WordPress core:
- located in the 'examples.html' HTML file of Genericons, an icon font package used in several themes and plugins. An authenticated remote attacker could exploit it by enticing a victim to follow a specially crafted link, in order to execute arbitrary JavaScript or HTML code on the client side with the browser's privileges.
- located in the visual editor.
Exploit code is available for the vulnerability affecting Genericons.
The wordpress packages provided by Debian Jessie 8 are impacted by the CVE-2015-3429 vulnerability.
The de-wordpress, ja-wordpress, ru-wordpress, wordpress, zh-wordpress-zh_CH and zh-wordpress-zh_TW packages provided by FreeBSD are vulnerable.
Updated, 14/05/2015:
A proof of concept is available for the Auberge and Modern themes.
Updated, 27/05/2015:
The Artificial Intelligence theme for WordPress is impacted by the CVE-2015-3429 vulnerability.
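Because Genericons is bundled by themes and plugins, copies of its HTML demo file can remain on a site independently of the core packages. The following added example (not part of the original advisory and not WordPress code) walks a wp-content tree and lists every HTML file shipped inside a directory named genericons so it can be reviewed or removed; matching on that directory name is an assumption, and the sample tree is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def find_genericons_html(root):
    """Return sorted paths of HTML files that sit inside any directory
    named 'genericons' (case-insensitive) below root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        # Path components relative to the scanned root, lowercased for matching.
        parts = [p.lower() for p in Path(dirpath).relative_to(root).parts]
        if "genericons" not in parts:
            continue
        for name in filenames:
            if name.lower().endswith((".html", ".htm")):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree(base):
    """Create a constructed sample layout (not a real site) for an offline run."""
    layout = [
        "themes/sample-theme/genericons/examples.html",   # bundled demo page
        "themes/sample-theme/genericons/genericons.css",  # font asset, ignored
        "plugins/sample-plugin/assets/Genericons/examples.html",
        "themes/clean-theme/index.php",
        "themes/clean-theme/readme.html",                 # not under genericons
    ]
    for rel in layout:
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("placeholder\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_genericons_html(build_sample_tree(tmp)):
            print("review or remove:", os.path.relpath(hit, tmp))
```

On a real host, pass the site's wp-content directory to `find_genericons_html` instead of the sample tree.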