04 Mar 2015
CVE-2015-2218 Vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. (CVSS:4.3) (Last Update:2015-03-05)
Vulnerability Details : (1 public exploit) Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. Publish Date : 2015-03-05 Last Update Date : 2015-03-05 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2015-2218
- Number Of Affected Versions By Product
- References For CVE-2015-2218
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2015-2218There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |