VDB
CVE-2015-3440
CVE-2015-3440
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
EPSS 14.39% · 94.6th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
14.39%
94.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wordpress | wordpress | 0 |
| n/a | n/a | n/a |
| debian | debian_linux | 7.0, 8.0 |
Timeline
- Aug 3, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Dec 22, 2022 EPSS Score
- Jul 10, 2024 EPSS Score
- Dec 7, 2024 EPSS Score
- Dec 17, 2024 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 5, 2025 EPSS Score
- Apr 6, 2025 EPSS Score
References
- 36844 exploit
- FEDORA-2015-6778 vendor-advisory
- http://codex.wordpress.org/Version_4.2.1 url
- https://klikki.fi/adv/wordpress2.html url
- https://wpvulndb.com/vulnerabilities/7945 url
- https://wordpress.org/news/2015/04/wordpress-4-2-1/ url
- FEDORA-2015-6790 vendor-advisory
- 74334 vdb
- 20150426 WordPress 4.2 stored XSS mailing-list
- https://core.trac.wordpress.org/changeset/32299 url
- 121320 vdb
- 1032199 vdb
- DSA-3250 vendor-advisory
- FEDORA-2015-6808 vendor-advisory
- http://packetstormsecurity.com/files/131644/WordPress-4.2-Cross-Site-Scripting.html url
- https://nvd.nist.gov/vuln/detail/CVE-2015-3440 advisory
- https://wordpress.org/news/2015/04/wordpress-4-2-1 url
- https://www.exploit-db.com/exploits/36844 url