WordPress · Incoming-Links Plugin · CVE-2015-9472
**Name of the Vulnerable Software and Affected Versions**
incoming-links plugin versions prior to 0.9.10b for WordPress
**Description**
The issue allows for XSS via the Referer HTTP header in the referrers.php file.
**Recommendations**
For versions prior to 0.9.10b, update to version 0.9.10b or later to resolve the issue. As a temporary workaround, consider restricting access to the referrers.php file until the update is applied.