First published: Wed Aug 28 2019(Updated: )
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ithemes Invoices | <1.4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for the Invoices Add-on for iThemes Exchange is CVE-2015-9370.
The severity of CVE-2015-9370 is medium.
The Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress is affected by CVE-2015-9370.
CVE-2015-9370 exploits the vulnerability through the use of add_query_arg() and remove_query_arg() functions in the Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress, allowing for cross-site scripting (XSS) attacks.
Yes, you can find references for CVE-2015-9370 at the following links: [link1] [link2].