First published: Wed Aug 28 2019(Updated: )
iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg().
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ithemes Mobile | <1.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-9376 is a cross-site scripting (XSS) vulnerability in the iThemes Mobile plugin for WordPress.
CVE-2015-9376 has a severity score of 6.1, which is considered medium.
CVE-2015-9376 affects iThemes Mobile versions up to and including 1.2.8 for WordPress.
The XSS vulnerability in iThemes Mobile can be exploited through the use of the add_query_arg() and remove_query_arg() functions.
Yes, the vulnerability can be fixed by updating iThemes Mobile to version 1.2.8 or above.