VDB

CVE-2015-5734

CVE-2015-5734 PUBLISHED CVSS 4.300000190734863 MEDIUM

Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.

EPSS 3.45% · 87.7th percentile

Risk Scores

CVSS 2.0
4.300000190734863
EPSS Score
3.45%
87.7th percentile

Affected Products

VendorProductVersions
n/an/an/a
wordpresswordpress0

Timeline

  • Nov 9, 2015 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Mar 23, 2025 EPSS Score
  • Mar 24, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • Jun 1, 2025 EPSS Score
  • Jun 4, 2025 EPSS Score
  • Jul 1, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›