CVE-2015-2195

Name of the Vulnerable Software and Affected Versions WP Media Cleaner plugin version 2.2.6

Description The issue allows remote attackers to inject arbitrary web script or HTML via the view, paged, or s parameter in the "wp-media-cleaner" page to "wp-admin/upload.php". This can lead to cross-site scripting (XSS) attacks.

Recommendations For WP Media Cleaner plugin version 2.2.6, consider disabling access to the vulnerable parameters view, paged, and s in the "wp-media-cleaner" page until a patch is available. Restrict access to the wp-admin/upload.php page to minimize the risk of exploitation.