First published: Wed Aug 28 2019(Updated: )
iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ithemes Exchange | <1.12.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-9363 is a vulnerability found in iThemes Exchange before version 1.12.0 for WordPress, which allows for XSS attacks.
XSS stands for Cross-Site Scripting, which is a type of vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
CVE-2015-9363 affects iThemes Exchange before version 1.12.0 for WordPress by enabling XSS attacks through the add_query_arg() and remove_query_arg() functions.
The severity of CVE-2015-9363 is rated as medium with a CVSS severity score of 6.1.
To fix CVE-2015-9363, upgrade iThemes Exchange to version 1.12.0 or later, as this vulnerability has been patched in that version.