First published: Wed Jan 15 2020(Updated: )
Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Plot Plotly | <1.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2015-5484 is medium with a CVSS score of 5.4.
The Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML through a post.
An attacker can exploit CVE-2015-5484 by injecting arbitrary web script or HTML into a post using the Plotly plugin before 1.0.3 for WordPress.
Yes, the fix for CVE-2015-5484 is available in the version 1.0.3 of the Plotly plugin for WordPress.
The Common Weakness Enumeration (CWE) ID associated with CVE-2015-5484 is CWE-79.