First published: Wed Aug 28 2019(Updated: )
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Automattic Jetpack | <3.4.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2015-9359.
The severity of CVE-2015-9359 is medium.
The affected software is the Jetpack plugin before version 3.4.3 for WordPress.
The root cause of this vulnerability is XSS (Cross-Site Scripting) via add_query_arg() and remove_query_arg() functions.
To fix CVE-2015-9359, update the Jetpack plugin to version 3.4.3 or newer.