First published: Wed Aug 28 2019(Updated: )
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg().
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ithemes Builder Style Manager | <0.7.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-9379 is a vulnerability in iThemes Builder Style Manager for WordPress that allows XSS attacks via add_query_arg() and remove_query_arg().
CVE-2015-9379 has a severity rating of 6.1 (medium).
The affected software for CVE-2015-9379 is iThemes Builder Style Manager for WordPress versions up to and excluding 0.7.7.
To fix CVE-2015-9379, update iThemes Builder Style Manager for WordPress to version 0.7.7 or higher.
You can find more information about CVE-2015-9379 in the following references: [link1](https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html), [link2](https://ithemes.com/coordinated-wordpress-plugin-security-update/)