CVE-2014-9031
Published: 25 November 2014
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
Priority
Status
Package | Release | Status |
---|---|---|
wordpress Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(4.0.1+dfsg-1)
|
bionic |
Not vulnerable
(4.0.1+dfsg-1)
|
|
cosmic |
Not vulnerable
(4.0.1+dfsg-1)
|
|
disco |
Not vulnerable
(4.0.1+dfsg-1)
|
|
lucid |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(4.0.1+dfsg-1)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Not vulnerable
(4.0.1+dfsg-1)
|
|
wily |
Not vulnerable
(4.0.1+dfsg-1)
|
|
xenial |
Not vulnerable
(4.0.1+dfsg-1)
|
|
yakkety |
Not vulnerable
(4.0.1+dfsg-1)
|
|
zesty |
Not vulnerable
(4.0.1+dfsg-1)
|