First published: Wed Aug 28 2019
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ithemes Membership | <1.3.0 | |
CVE-2015-9372 is a vulnerability in the Membership Add-on for iThemes Exchange plugin for WordPress that allows for cross-site scripting (XSS) attacks.
CVE-2015-9372 affects WordPress websites running a version of the Membership Add-on for iThemes Exchange plugin before 1.3.0.
CVE-2015-9372 has a severity rating of medium, with a CVSS score of 6.1.
To fix CVE-2015-9372, users should update the Membership Add-on for iThemes Exchange plugin to version 1.3.0 or later.
Yes, you can refer to the following resources for more information on CVE-2015-9372:
- [Sucuri Blog](https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html)
- [iThemes Security Advisory](https://ithemes.com/coordinated-wordpress-plugin-security-update/)