First published: Wed Aug 28 2019
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ithemes Custom Url Tracking | <1.1.0 | |
CVE-2015-9366 is a cross-site scripting (XSS) vulnerability in the Custom URL Tracking Add-on for iThemes Exchange for WordPress, in versions before 1.1.0, arising from its use of the add_query_arg() and remove_query_arg() functions.
CVE-2015-9366 is rated medium severity, with a CVSS score of 6.1.
CVE-2015-9366 affects the Custom URL Tracking Add-on for iThemes Exchange in versions before 1.1.0.
The CWE for CVE-2015-9366 is CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
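An audit aid for this bug class, added here as an example (it is not code from the plugin or from the referenced advisories): add_query_arg() and remove_query_arg() return an unescaped URL, built from the current request URI when no URL argument is passed, so the result has to go through esc_url() before it is printed. The scanner below is a heuristic that flags calls not directly nested inside esc_url() as candidates for manual review; the function name `find_unescaped_query_arg_calls` and the sample template are constructed for illustration.

```python
import re

SINKS = {"add_query_arg", "remove_query_arg"}
ESCAPERS = {"esc_url"}  # WordPress escaper for URLs printed into HTML
PHP_BLOCK = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.S)
TOKEN = re.compile(r"""
    (?P<skip>//[^\n]*|\#[^\n]*|/\*.*?\*/            # comments
            |'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")   # string literals
  | (?P<call>[A-Za-z_]\w*)\s*\(                     # function name + "("
  | (?P<open>\()
  | (?P<close>\))
  | (?P<end>;)
""", re.X | re.S)

def find_unescaped_query_arg_calls(source):
    """Return (line, function) for each sink call not nested inside esc_url()."""
    findings = []
    for block in PHP_BLOCK.finditer(source):       # only look inside PHP tags
        stack = []                                 # calls enclosing this position
        for m in TOKEN.finditer(source, block.start(1), block.end(1)):
            kind = m.lastgroup
            if kind == "call":
                name = m.group("call")
                if name in SINKS and not ESCAPERS.intersection(stack):
                    findings.append((source.count("\n", 0, m.start()) + 1, name))
                stack.append(name)
            elif kind == "open":
                stack.append("")                   # plain parenthesis, no call name
            elif kind == "close" and stack:
                stack.pop()
            elif kind == "end":
                stack.clear()                      # statement boundary
    return findings

# Constructed sample template (not taken from the plugin).
SAMPLE = """<div class="nav">
<a href="<?php echo add_query_arg( 'tab', 'settings' ); ?>">Settings</a>
<a href="<?php echo esc_url( add_query_arg( 'tab', 'settings' ) ); ?>">Settings</a>
<?php
// add_query_arg() mentioned in a comment is ignored
$reset = remove_query_arg( array( 'updated', 'error' ) );
echo '<a href="' . esc_url( remove_query_arg( 'page' ) ) . '">Back</a>';
?>
"""

if __name__ == "__main__":
    for line, name in find_unescaped_query_arg_calls(SAMPLE):
        print(f"line {line}: {name}() result is not wrapped in esc_url()")
```

A value assigned to a variable and escaped later (as with `$reset` above) is still reported, so each finding needs to be traced to where the URL is finally output.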
For more information about CVE-2015-9366, see the [Sucuri security advisory](https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html) and the [iThemes coordinated plugin security update](https://ithemes.com/coordinated-wordpress-plugin-security-update/).