CVE-2014-9035: XSS
First published: Tue Nov 25 2014(Updated: )
Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress | <=3.7.4 | |
| WordPress | =3.8 | |
| WordPress | =3.8.1 | |
| WordPress | =3.8.2 | |
| WordPress | =3.8.3 | |
| WordPress | =3.8.4 | |
| WordPress | =3.9 | |
| WordPress | =3.9.1 | |
| WordPress | =3.9.2 | |
| WordPress | =4.0 | |
| Debian GNU/Linux | =7.0 | |
| Debian GNU/Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0493.html
- http://openwall.com/lists/oss-security/2014/11/25/12
- http://www.debian.org/security/2014/dsa-3085
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:233
- http://www.securityfocus.com/bid/71236
- http://www.securitytracker.com/id/1031243
- https://wordpress.org/news/2014/11/wordpress-4-0-1/
Frequently Asked Questions
What is the severity of CVE-2014-9035?
CVE-2014-9035 is classified as a moderate severity cross-site scripting vulnerability that allows remote attackers to inject arbitrary web scripts or HTML.
How do I fix CVE-2014-9035?
To fix CVE-2014-9035, you should upgrade your WordPress installation to version 3.7.5 or later, or any 3.8.x version after 3.8.5, or any 3.9.x version after 3.9.3, or 4.x version after 4.0.1.
Which versions of WordPress are affected by CVE-2014-9035?
CVE-2014-9035 affects WordPress versions prior to 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1.
Can CVE-2014-9035 be exploited by attackers?
Yes, CVE-2014-9035 can be exploited by attackers to execute arbitrary web scripts, leading to potential unauthorized actions on behalf of the user.
What types of attacks are possible with CVE-2014-9035?
CVE-2014-9035 can lead to cross-site scripting attacks where an attacker can inject harmful scripts that may steal cookies, session tokens, or sensitive information.
- agent/type
- agent/author
- agent/references
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wordpress
- canonical/wordpress
- version/wordpress/3.7.4
- version/wordpress/3.8
- version/wordpress/3.8.1
- version/wordpress/3.8.2
- version/wordpress/3.8.3
- version/wordpress/3.8.4
- version/wordpress/3.9
- version/wordpress/3.9.1
- version/wordpress/3.9.2
- version/wordpress/4.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- version/debian gnu/linux/8.0