Medium severity5.4NVD Advisory· Published May 22, 2016· Updated Jun 17, 2026
CVE-2015-7989
CVE-2015-7989
Description
Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 2 more
- (no CPE)
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*range: <=4.3.0
- (no CPE)range: <4.3.1
Patches
Vulnerability mechanics
References
8- codex.wordpress.org/Version_4.3.1nvdPatchVendor Advisory
- github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290anvdPatch
- wordpress.org/news/2015/09/wordpress-4-3-1/nvdPatchVendor Advisory
- www.debian.org/security/2015/dsa-3375nvd
- www.debian.org/security/2015/dsa-3383nvd
- www.securitytracker.com/id/1033979nvd
- security-tracker.debian.org/tracker/CVE-2015-7989nvd
- wpvulndb.com/vulnerabilities/8187nvd
News mentions
0No linked articles in our index yet.