FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- XSS vulnerability

Affected packages
wordpress < 4.2.3,1
de-wordpress < 4.2.3
ja-wordpress < 4.2.3
ru-wordpress < 4.2.3
zh-wordpress-zh_CN < 4.2.3
zh-wordpress-zh_TW < 4.2.3


VuXML ID c80b27a2-3165-11e5-8a1d-14dae9d210b8
Discovery 2015-07-23
Entry 2015-07-23
Modified 2015-09-15

Gary Pendergast reports:

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team.


CVE Name CVE-2015-5622
CVE Name CVE-2015-5623