VDB
CVE-2015-5734
CVE-2015-5734
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string.
EPSS 3.45% · 87.7th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
3.45%
87.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| wordpress | wordpress | 0 |
Timeline
- Nov 9, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Dec 17, 2024 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
- Jul 1, 2025 EPSS Score
References
- https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ url
- [oss-security] 20150804 Re: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities mailing-list
- 1033178 vdb
- https://core.trac.wordpress.org/changeset/33549 url
- DSA-3332 vendor-advisory
- 76331 vdb
- https://wpvulndb.com/vulnerabilities/8133 url
- https://codex.wordpress.org/Version_4.2.4 url
- DSA-3383 vendor-advisory
- https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html url
- https://nvd.nist.gov/vuln/detail/CVE-2015-5734 advisory
- https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release url