CVE-2015-6920

Name of the Vulnerable Software and Affected Versions sourceAFRICA plugin version 0.1.3

Description The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter in the js/window.php file.

Recommendations For sourceAFRICA plugin version 0.1.3, consider disabling access to the js/window.php file until a patch is available, or restrict the use of the wpbase parameter to minimize the risk of exploitation.