VDB
DEBIAN-CVE-2014-9031
DEBIAN-CVE-2014-9031
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | wordpress | 0, 0, 0 |
| Debian:13 | wordpress | 0, 0, 0 |
| Debian:12 | wordpress | 0, 0, 0 |
| Debian:14 | wordpress | 0 |
Timeline
- Nov 25, 2014 CVE Published
- May 7, 2026 CVE Updated