CVE-2015-9294

Name of the Vulnerable Software and Affected Versions all-in-one-wp-security-and-firewall plugin versions prior to 3.9.5

Description The issue concerns a cross-site scripting (XSS) problem in the add query arg and remove query arg function instances. This could potentially allow attackers to inject malicious scripts into websites using the all-in-one-wp-security-and-firewall plugin for WordPress.

Recommendations For versions prior to 3.9.5, update to version 3.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the add query arg and remove query arg functions until the update is applied.