VDB

CVE-2015-3440

CVE-2015-3440 PUBLISHED CVSS 4.300000190734863 MEDIUM

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.

EPSS 14.39% · 94.6th percentile

Risk Scores

CVSS 2.0
4.300000190734863
EPSS Score
14.39%
94.6th percentile

Affected Products

VendorProductVersions
wordpresswordpress0
n/an/an/a
debiandebian_linux7.0, 8.0

Timeline

  • Aug 3, 2015 CVE Published
  • Feb 4, 2022 EPSS Score
  • Dec 22, 2022 EPSS Score
  • Jul 10, 2024 EPSS Score
  • Dec 7, 2024 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Mar 23, 2025 EPSS Score
  • Mar 24, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 5, 2025 EPSS Score
  • Apr 6, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›