First published: Wed Aug 28 2019
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ithemes Stripe | <1.2.0 |
CVE-2015-9374 is a vulnerability in the Stripe Add-on for iThemes Exchange before version 1.2.0 for WordPress that allows for cross-site scripting (XSS) attacks.
The severity of CVE-2015-9374 is medium with a CVSS score of 6.1.
CVE-2015-9374 affects iThemes Stripe for WordPress versions before 1.2.0 and allows XSS attacks via the add_query_arg() and remove_query_arg() functions.
The fix for CVE-2015-9374 is to update iThemes Stripe for WordPress to version 1.2.0 or newer.
You can find more information about CVE-2015-9374 in the following references: [Reference 1](https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html), [Reference 2](https://ithemes.com/coordinated-wordpress-plugin-security-update/).