WordPress Cross-Site Scripting and Script Insertion: Two Vulnerabilities


Description   Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
For more information:
SA63838
SA64407
The vulnerabilities are reported in versions prior to 3.9.6.
     
Vulnerable Products   Vulnerable Software:
WordPress 3.x
     
Solution   Update to version 3.9.6.
     
CVE   CVE-2015-3440
CVE-2015-3429
     
References   http://codex.wordpress.org/Version_3.9.6
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm: Wordpress : DOM-XSS in genericons package
Available Since: 5.0.0

 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2015-05-07 

 Target Type 
Client + Server 

 Possible exploit 
Remote