First published: Wed Aug 28 2019(Updated: )
iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg().
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ithemes Builder Theme Depot | <5.0.30 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2015-9377 is medium.
CVE-2015-9377 affects iThemes Builder Theme Depot versions up to 5.0.30.
The CWE number for CVE-2015-9377 is 79.
To fix CVE-2015-9377, update iThemes Builder Theme Depot to version 5.0.30 or higher.
You can find more information about CVE-2015-9377 in the following references: 1. https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html 2. https://ithemes.com/coordinated-wordpress-plugin-security-update/